Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ACE multicast MAC

Hi experts,

Have a question here. Our ACE 4710 is setup to forward traffic to a CheckPoint Cluster VIP as default gateway. As the checkpoint active/active cluster is using multicast mode..it basically uses an unicast ip with a multicast mac.

As with most L3 devices, ACE doesn't like this and will not ping to the cluster ip. Normally we can add a static arp entry but when i try adding the cluster virtual mac in the ACE it always gives an "Error: Invalid MAC address".

I'm pretty sure it's not a typo. any thoughts on this or other potential workaround?

thanks heaps.

2 REPLIES

Re: ACE multicast MAC

You got it right.

ACE doesn't like Multicast MAC addresses.

In order to overcome this limitation ,

You can create an SVI on the switch for the same VLAN (Vlan connecting FW & ACE) and define the SVI's IP address as the default gateway on ACE.

Syed Iftekhar Ahmed

New Member

Re: ACE multicast MAC

You can configure a VRF instance between the ACE and the FW. This adds up one hop in your routing scheme but configuring a new SVI could lead to open new holes in your network infrastructure, especially when you have all your devices attached in a vlan that hadn't a SVI before and the switch has other L3 interfaces in the inside network. Then you add a static arp entry in your virtual routing forwarding instance arp table and configure routes to bypass the traffic in both directions.

851
Views
0
Helpful
2
Replies
CreatePlease to create content