Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ARP entries, unicast to multicast question, adding firewall cluster

We are attempting to setup an active/active for two Watchguard firewall appliances on a network that has a Nexus 5010 and a Nexus 5020 switches, WAN is via MPLS environment. Since the Nexus 5000 switches don't support adding static ARP entries for a unicast IP to its multicast MAC address, we are stuck. Unless there is a work-around.

Has anyone implemented a Watchguard cluster with the Nexus hardware?

We have found this workaround on a bug report, has anyone tried it with success?

Need support for static multicast MAC entries on Nexus 5000

Nexus 5000/5500 does not support adding static Multicast MAC addresses in
valid IGMP range(0100.xxxx.xxxx). For non-IGMP groups, static Multicast MAC can
be configured.

Example:
5548-2# conf
Enter configuration commands, one per line. End with CNTL/Z.
5548-2(config)# mac address-table static 0300.5e01.2345 vlan 5 interface
Ethernet1/14
5548-2(config)#

Workaround:
If static Multicast MAC needs to be added for valid IP IGMP MAC range, configure
static-group using corresponding layer 3 multicast IP address for the multicast
MAC in question. Example, for IGMP MAC 0100.5E01.0064, configure

5548-2(config)# vlan x
5548-2(config-vlan)# ip igmp snooping static-group 229.1.0.100 interface x

3 REPLIES
Cisco Employee

ARP entries, unicast to multicast question, adding firewall clus

Hi Ted

Please check this link:

https://supportforums.cisco.com/message/3560250#3560250

HTH,

Alex

Cisco Employee

ARP entries, unicast to multicast question, adding firewall clus

You are hitting :

CSCtd22110    Need support for static multicast MAC entries on Nexus 5000

Nexus 5000/5500 does not support adding static Multicast MAC addresses in
valid IGMP range(0100.xxxx.xxxx). For non-IGMP groups, static Multicast MAC can
be configured.

Example:
5548-2# conf 
Enter configuration commands, one per line.  End with CNTL/Z.
5548-2(config)# mac address-table static 0300.5e01.2345 vlan 5 interface
Ethernet1/14 
5548-2(config)# 

Workaround:
If static Multicast MAC needs to be added for valid IP IGMP MAC range, configure
static-group using corresponding layer 3 multicast IP address for the multicast
MAC in question. Example, for IGMP MAC 0100.5E01.0064, configure
 
5548-2(config)# vlan x
5548-2(config-vlan)# ip igmp snooping static-group 229.1.0.100 interface x

New Member

ARP entries, unicast to multicast question, adding firewall clus

Thanks everyone for the advice. One small caveat that we ran into this morning when adding the "ip igmp snooping static-group..." statement to our VLAN. We received the following message:

Interface Eth1/17 is member of port-channel100, configuration cached

Does this mean we need to shut/no shut (or reset) the port-channel before the multicast MAC gets added to the mac-address-table? (Hope not!)

3164
Views
0
Helpful
3
Replies