KingPez
asked on
Static MAC entry for WatchGuard Active/Active cluster
I am setting up active/active cluster on WatchGuard XTM 5's. This requires me to configure static arp and static MAC entries on all switches and routers in the upstream/downstream of the data path. So I have Port 1 of each WatchGuard patched to VLAN 1 the Cisco 3750 stack.
My problem is - Configuring static MAC entries in Network Assistant asks for MAC address, Vlan, and Output Interface. Is the Output interface they are looking for the port where the Port1 of the Watchgaurds are coming into the switch? I assumed it was but first of all it is worded"output" not "input" which makes me think they mean the port in the stack that goes out to the internet or some other route and second, when I try to add entries for both those WatchGuard connected ports (1 cable per WatchGuard in the cluster" it tells me I can't have duplicates. Please help
My problem is - Configuring static MAC entries in Network Assistant asks for MAC address, Vlan, and Output Interface. Is the Output interface they are looking for the port where the Port1 of the Watchgaurds are coming into the switch? I assumed it was but first of all it is worded"output" not "input" which makes me think they mean the port in the stack that goes out to the internet or some other route and second, when I try to add entries for both those WatchGuard connected ports (1 cable per WatchGuard in the cluster" it tells me I can't have duplicates. Please help
ASKER
Not sure how that relates to my questions at all but thanks for your response.
The link talk about finding multicast MAC; if you were talking about "how to add static ARP entry on the switch/router" then yes this link is useless.
When you configure a static MAC entry, you configure the output ports to which a switch will send traffic for this address.
You only need to configure the entries on switches involved in the layer 2 paths between cluster members. For example, one member on switch1 connected by a trunk to switch2 which has another member; both switch1 and switch 2 should have a static entry for the MAC address for the member port and the trunk port/vlan.
You should only need to configure static ARP entries on any router devices connected to the cluster.
You only need to configure the entries on switches involved in the layer 2 paths between cluster members. For example, one member on switch1 connected by a trunk to switch2 which has another member; both switch1 and switch 2 should have a static entry for the MAC address for the member port and the trunk port/vlan.
You should only need to configure static ARP entries on any router devices connected to the cluster.
ASKER
Frabble: So just to clear it up . . . Switch 1 and 2 are in a stack. Let's say cluster WatchGuard member1 is in port 19 of switch1 and WG member 2 is on port 20 of switch2. Both ports in same VLAN 1.
So I assign static Mac entries to sw1 port 19 and sw2 port 20. Is that it? Only two places? You mentioned a trunk/vlan?
Thanks again.
So I assign static Mac entries to sw1 port 19 and sw2 port 20. Is that it? Only two places? You mentioned a trunk/vlan?
Thanks again.
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
ASKER
Thanks Frabble
http://www.watchguard.com/help/docs/wsm/11-xtm/en-US/Content/en-US/ha/cluster_view_multicast_mac.html
Thank you.