Firewall unable to learn mac address of vip of Cisco Nexus 7706 - Page 2

DJay11 · ‎01-31-2024

Seek help on why the Firewall (Checkpoint) is unable to learn the vip interface of our Cisco Nexus 7706 vip. Both are connected under the same vlan. We have no problem with the physical interface of the Cisco Switch. As a work around, FW team configured the switch vip mac address statically. Is this a switch of Firewall issue? Another brand of FW in our organization encountered the same issue.

MHM Cisco World · ‎02-01-2024

this must config between FW and two NSK
MHM

MHM Cisco World · ‎02-01-2024

I return to home and make topolgy with point
can you confirm each config

DJay11 · ‎02-01-2024

Yes. Config is correct.

MHM Cisco World · ‎02-01-2024

show port-channel summary <<- share this from both Nexus
MHM

DJay11 · ‎02-01-2024

balaji.bandi · ‎02-02-2024

as per the diagram you have 1 connection to each Switch, but the output shows both connected switch 2 (VDC2) only ?

Can you post the same output other vPC switch ?

Do you have 4 links connected (example 2-Switch1 and 2- switch 2 ?)

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

MHM Cisco World · ‎02-02-2024

for what I see all config is correct and both Port members is "P"
so it seem that the FW learn the MAC from first packet receive not from GARP.
the solution I think here is use
peer gateway under the vPC domain in both NSK
MHM

DJay11 · ‎02-04-2024

I see. I'll explore on this. Thanks for the help.