cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3995
Views
0
Helpful
3
Replies

ARP entries, unicast to multicast question, adding firewall cluster

tedtice01
Level 1
Level 1

We are attempting to setup an active/active for two Watchguard firewall appliances on a network that has a Nexus 5010 and a Nexus 5020 switches, WAN is via MPLS environment. Since the Nexus 5000 switches don't support adding static ARP entries for a unicast IP to its multicast MAC address, we are stuck. Unless there is a work-around.

Has anyone implemented a Watchguard cluster with the Nexus hardware?

We have found this workaround on a bug report, has anyone tried it with success?

Need support for static multicast MAC entries on Nexus 5000

Nexus 5000/5500 does not support adding static Multicast MAC addresses in
valid IGMP range(0100.xxxx.xxxx). For non-IGMP groups, static Multicast MAC can
be configured.

Example:
5548-2# conf
Enter configuration commands, one per line. End with CNTL/Z.
5548-2(config)# mac address-table static 0300.5e01.2345 vlan 5 interface
Ethernet1/14
5548-2(config)#

Workaround:
If static Multicast MAC needs to be added for valid IP IGMP MAC range, configure
static-group using corresponding layer 3 multicast IP address for the multicast
MAC in question. Example, for IGMP MAC 0100.5E01.0064, configure

5548-2(config)# vlan x
5548-2(config-vlan)# ip igmp snooping static-group 229.1.0.100 interface x

3 Replies 3

Oleksandr Nesterov
Cisco Employee
Cisco Employee

Hi Ted

Please check this link:

https://supportforums.cisco.com/message/3560250#3560250

HTH,

Alex

You are hitting :

CSCtd22110    Need support for static multicast MAC entries on Nexus 5000

Nexus 5000/5500 does not support adding static Multicast MAC addresses in
valid IGMP range(0100.xxxx.xxxx). For non-IGMP groups, static Multicast MAC can
be configured.

Example:
5548-2# conf 
Enter configuration commands, one per line.  End with CNTL/Z.
5548-2(config)# mac address-table static 0300.5e01.2345 vlan 5 interface
Ethernet1/14 
5548-2(config)# 

Workaround:
If static Multicast MAC needs to be added for valid IP IGMP MAC range, configure
static-group using corresponding layer 3 multicast IP address for the multicast
MAC in question. Example, for IGMP MAC 0100.5E01.0064, configure
 
5548-2(config)# vlan x
5548-2(config-vlan)# ip igmp snooping static-group 229.1.0.100 interface x

Andy Pflueger
Level 1
Level 1

Thanks everyone for the advice. One small caveat that we ran into this morning when adding the "ip igmp snooping static-group..." statement to our VLAN. We received the following message:

Interface Eth1/17 is member of port-channel100, configuration cached

Does this mean we need to shut/no shut (or reset) the port-channel before the multicast MAC gets added to the mac-address-table? (Hope not!)

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: