ARP entries, unicast to multicast question, adding firewall cluster

Unanswered Question
Mar 13th, 2012

We are attempting to setup an active/active for two Watchguard firewall appliances on a network that has a Nexus 5010 and a Nexus 5020 switches, WAN is via MPLS environment. Since the Nexus 5000 switches don't support adding static ARP entries for a unicast IP to its multicast MAC address, we are stuck. Unless there is a work-around.

Has anyone implemented a Watchguard cluster with the Nexus hardware?

We have found this workaround on a bug report, has anyone tried it with success?

Need support for static multicast MAC entries on Nexus 5000

Nexus 5000/5500 does not support adding static Multicast MAC addresses in
valid IGMP range(0100.xxxx.xxxx). For non-IGMP groups, static Multicast MAC can
be configured.

Example:
5548-2# conf
Enter configuration commands, one per line. End with CNTL/Z.
5548-2(config)# mac address-table static 0300.5e01.2345 vlan 5 interface
Ethernet1/14
5548-2(config)#

Workaround:
If static Multicast MAC needs to be added for valid IP IGMP MAC range, configure
static-group using corresponding layer 3 multicast IP address for the multicast
MAC in question. Example, for IGMP MAC 0100.5E01.0064, configure

5548-2(config)# vlan x
5548-2(config-vlan)# ip igmp snooping static-group 229.1.0.100 interface x

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 0 (0 ratings)
Shelley Bhalla Tue, 03/13/2012 - 11:40

You are hitting :

CSCtd22110    Need support for static multicast MAC entries on Nexus 5000

Nexus 5000/5500 does not support adding static Multicast MAC addresses in
valid IGMP range(0100.xxxx.xxxx). For non-IGMP groups, static Multicast MAC can
be configured.

Example:
5548-2# conf 
Enter configuration commands, one per line.  End with CNTL/Z.
5548-2(config)# mac address-table static 0300.5e01.2345 vlan 5 interface
Ethernet1/14 
5548-2(config)# 

Workaround:
If static Multicast MAC needs to be added for valid IP IGMP MAC range, configure
static-group using corresponding layer 3 multicast IP address for the multicast
MAC in question. Example, for IGMP MAC 0100.5E01.0064, configure
 
5548-2(config)# vlan x
5548-2(config-vlan)# ip igmp snooping static-group 229.1.0.100 interface x

andypflueger Wed, 03/14/2012 - 06:46

Thanks everyone for the advice. One small caveat that we ran into this morning when adding the "ip igmp snooping static-group..." statement to our VLAN. We received the following message:

Interface Eth1/17 is member of port-channel100, configuration cached

Does this mean we need to shut/no shut (or reset) the port-channel before the multicast MAC gets added to the mac-address-table? (Hope not!)

Actions

Login or Register to take actions

This Discussion

Posted March 13, 2012 at 6:30 AM
Stats:
Replies:3 Avg. Rating:
Views:2514 Votes:0
Shares:1
Tags: No tags.

Discussions Leaderboard