Static MAC entry for WatchGuard Active/Active cluster

I am setting up an active/active cluster on WatchGuard XTM 5's.  This requires me to configure static ARP and static MAC entries on all switches and routers in the upstream/downstream of the data path.  So I have Port 1 of each WatchGuard patched to VLAN 1 on the Cisco 3750 stack.  

My problem is - Configuring static MAC entries in Network Assistant asks for MAC address, VLAN, and Output Interface.  Is the Output Interface they are looking for the port where the Port 1 of the WatchGuards are coming into the switch?  I assumed it was, but first of all it is worded "output" not "input", which makes me think they mean the port in the stack that goes out to the internet or some other route, and second, when I try to add entries for both those WatchGuard connected ports (1 cable per WatchGuard in the cluster) it tells me I can't have duplicates.  Please help

KingPezAsked:

dpk_walCommented:
Have a look at article below and see if it helps you with anything:
http://www.watchguard.com/help/docs/wsm/11-xtm/en-US/Content/en-US/ha/cluster_view_multicast_mac.html

Thank you.
0
KingPezAuthor Commented:
Not sure how that relates to my questions at all but thanks for your response.
0
dpk_walCommented:
The link talks about finding the multicast MAC; if you were talking about "how to add static ARP entry on the switch/router" then yes, this link is useless.
0
FrabbleCommented:
When you configure a static MAC entry, you configure the output ports to which a switch will send traffic for this address.
You only need to configure the entries on switches involved in the layer 2 paths between cluster members. For example, one member on switch1 connected by a trunk to switch2 which has another member; both switch1 and switch2 should have a static entry for the MAC address for the member port and the trunk port/VLAN.

You should only need to configure static ARP entries on any router devices connected to the cluster.
0
KingPezAuthor Commented:
Frabble:  So just to clear it up . . . Switch 1 and 2 are in a stack.  Let's say cluster WatchGuard member1 is in port 19 of switch1 and WG member 2 is on port 20 of switch2.  Both ports in same VLAN 1.

So I assign static MAC entries to sw1 port 19 and sw2 port 20.  Is that it?  Only two places?  You mentioned a trunk/VLAN?

Thanks again.
0
FrabbleCommented:
I looked at the link posted by dpk_wal, it was helpful.

You're going to need more than one port from each cluster member. I suggest you don't use VLAN 1, it's bad practice to use it for data.

Here's an example:
Each cluster member, WG1 and WG2, use Port 0 as external and Port 1 as trusted
The switch stack has VLAN 10, name OUTSIDE, and VLAN 20, name INSIDE
Switch1 has:
Port 19 configured for VLAN 10, connected to WG1/Port 0
Port 20 configured for VLAN 20, connected to WG1/Port 1
similarly
Switch2 has:
Port 19 configured for VLAN 10, connected to WG2/Port 0
Port 20 configured for VLAN 20, connected to WG2/Port 1

For Active/Active, each member interface shares the same multicast MAC address, so on the stack:
For the Port 0 multicast address you have a static entry for VLAN 10, outgoing interfaces Switch1/19 and Switch2/19
For the Port 1 multicast address you have a static entry for VLAN 20, outgoing interfaces Switch1/20 and Switch2/20

If you have any other switches connected to the stack that have devices that talk directly to the cluster, then you need to have the static entries but for the outgoing interface or interfaces used to connect to the stack.


HTH
0
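The layout from Frabble's example written out as Cisco IOS commands for the 3750 stack, as an added example that is not part of the original thread. The MAC addresses and the IP address are constructed placeholders (read the real multicast MACs from the FireCluster configuration), and the GigabitEthernet port names are an assumption about the stack's hardware.

```cisco
! --- On the 3750 stack ---
configure terminal
 vlan 10
  name OUTSIDE
 vlan 20
  name INSIDE
 !
 ! Access ports facing WG1 (switch 1) and WG2 (switch 2)
 interface range GigabitEthernet1/0/19 , GigabitEthernet2/0/19
  switchport mode access
  switchport access vlan 10
 interface range GigabitEthernet1/0/20 , GigabitEthernet2/0/20
  switchport mode access
  switchport access vlan 20
 !
 ! One static entry per (MAC, VLAN) pair. Because the cluster MAC is a
 ! multicast address, a single entry lists every output port that leads
 ! to a cluster member; a second entry for the same MAC and VLAN is
 ! not needed.
 ! 0100.5e00.0a00 = placeholder for the Port 0 (external) multicast MAC
 ! 0100.5e00.1400 = placeholder for the Port 1 (trusted) multicast MAC
 mac address-table static 0100.5e00.0a00 vlan 10 interface GigabitEthernet1/0/19 GigabitEthernet2/0/19
 mac address-table static 0100.5e00.1400 vlan 20 interface GigabitEthernet1/0/20 GigabitEthernet2/0/20
end
!
! Confirm the entries and their port lists
show mac address-table static
!
! --- On a router connected to the cluster (not on the L2 switches) ---
! 192.0.2.1 = placeholder for the cluster's external interface IP
configure terminal
 arp 192.0.2.1 0100.5e00.0a00 arpa
end
```

On a downstream switch that reaches the cluster only through the stack, the same `mac address-table static` entry names the uplink port toward the stack as its output interface.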

KingPezAuthor Commented:
Thanks Frabble
0