Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
328
Views
0
Helpful
3
Replies

HSRP on Cisco720x and Firewall-1 using Stonebeat-Cluster Multicast-MAC

chrrbc
Level 1
Level 1

‎11-08-2002 12:46 AM - edited ‎03-02-2019 02:44 AM

We have a setup with 2 Cisco 720x, IOS 12.2(10) running HSRP and two SunSolaris running Firewall-1 with Stonebeat-Cluster using a multicast-mac addresses (01:00:5e:7c:00:06) all on the same LAN.

The two Cisco see all the packets intended for the firewalls (with destination = multicast mac), and send the packets again with their source address into the LAN. This packets will be seen by the other CISCO and it will behave the same (sending this packet out again).

What we get is a LAN overload and firewalls with high cpu and lost connections.

Workaround: We just unplugged one Cisco.

We changed switched HW, changed from VLAN to dedicated HW for that VLAN with no effect.

Any idea?

We are running a smilar configuration with IOS Version 12.2(4)T3 and Firewall-1 and Stonebeat using multicast mac which runs fine.

Labels:
0 Helpful
3 Replies 3

wkumari
Level 1
Level 1

‎11-08-2002 08:45 AM

Hi... I know that this doesn't necesarilly make much sense, but turn on no ip redirects and make sure proxy arp is off... Fixed a *very* similar problem for me...

0 Helpful

cmorrall
Level 1
Level 1

‎11-08-2002 08:46 AM

Hi,

A couple of points. the MAC address you specified is not a Multicast MAC address. Are you sure you configured Stonbeat to use Multicast MAC and not Unicast MAC? Multicast MAC addresses beging with 09..........

Normaly when you configure Stonbeat with Multicast MAC addresses you need to add a static arp entry on any layer 3 cisco device that talks directly to the cluster address of the firewall. Check your stonbeat config to make sure that it is using multicast mac address - it normaly generates an address for you you when doing this startting with 09 but you can change this manulay but it must start with 09.

Also if you are using Unicast MAC addresses f(as appears) for Cluster IP address and you are using cisco switches - this is not a valid configuration as the Switches do not support forwarding to multiple ports (i.e. 2 ports supporting firewall nodes).

I would double check you Multicast MAC address config on stonebeat and get it to regenrate a proper M MAC address and add static arp entires to the cisco box's and see if this resolves the issue.

0 Helpful

chrrbc
Level 1
Level 1

‎12-04-2002 01:22 AM

The problem is finally solved.

There is a bug in the IOS which only occurs with NPE400 Processor in the 720x VXR Chassis.

Hardware is now replaced by older NPE300.

Works fine now.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents