We are attempting to setup an active/active for two Watchguard firewall appliances on a network that has a Nexus 5010 and a Nexus 5020 switches, WAN is via MPLS environment. Since the Nexus 5000 switches don't support adding static ARP entries for a unicast IP to its multicast MAC address, we are stuck. Unless there is a work-around.
Has anyone implemented a Watchguard cluster with the Nexus hardware?
We have found this workaround on a bug report, has anyone tried it with success?
Need support for static multicast MAC entries on Nexus 5000
Nexus 5000/5500 does not support adding static Multicast MAC addresses in
5548-2(config)# vlan x
You are hitting :
CSCtd22110 Need support for static multicast MAC entries on Nexus 5000
Nexus 5000/5500 does not support adding static Multicast MAC addresses in valid IGMP range(0100.xxxx.xxxx). For non-IGMP groups, static Multicast MAC can be configured. Example: 5548-2# conf Enter configuration commands, one per line. End with CNTL/Z. 5548-2(config)# mac address-table static 0300.5e01.2345 vlan 5 interface Ethernet1/14 5548-2(config)# Workaround: If static Multicast MAC needs to be added for valid IP IGMP MAC range, configure static-group using corresponding layer 3 multicast IP address for the multicast MAC in question. Example, for IGMP MAC 0100.5E01.0064, configure 5548-2(config)# vlan x 5548-2(config-vlan)# ip igmp snooping static-group 184.108.40.206 interface x
Thanks everyone for the advice. One small caveat that we ran into this morning when adding the "ip igmp snooping static-group..." statement to our VLAN. We received the following message:
Interface Eth1/17 is member of port-channel100, configuration cached
Does this mean we need to shut/no shut (or reset) the port-channel before the multicast MAC gets added to the mac-address-table? (Hope not!)