Link to home
Create AccountLog in
Avatar of KingPez
KingPezFlag for United States of America

asked on

Static MAC entry for WatchGuard Active/Active cluster

I am setting up active/active cluster on WatchGuard XTM 5's.  This requires me to configure static arp and static MAC entries on all switches and routers in the upstream/downstream of the data path.  So I have Port 1 of each WatchGuard patched to VLAN 1 the Cisco 3750 stack.  

My problem is - Configuring static MAC entries in Network Assistant asks for MAC address, Vlan, and Output Interface.  Is the Output interface they are looking for the port where the Port1 of the Watchgaurds are coming into the switch?  I assumed it was but first of all it is worded"output" not "input" which makes me think they mean the port in the stack that goes out to the internet or some other route and second, when I try to add entries for both those WatchGuard connected ports (1 cable per WatchGuard in the cluster" it tells me I can't have duplicates.  Please help

Avatar of dpk_wal
dpk_wal
Flag of India image

Have a look at article below and see if it helps you with anything:
http://www.watchguard.com/help/docs/wsm/11-xtm/en-US/Content/en-US/ha/cluster_view_multicast_mac.html

Thank you.
Avatar of KingPez

ASKER

Not sure how that relates to my questions at all but thanks for your response.
The link talk about finding multicast MAC; if you were talking about "how to add static ARP entry on the switch/router" then yes this link is useless.
When you configure a static MAC entry, you configure the output ports to which a switch will send traffic for this address.
You only need to configure the entries on switches involved in the layer 2 paths between cluster members. For example, one member on switch1 connected by a trunk to switch2 which has another member; both switch1 and switch 2 should have a static entry for the MAC address for the member port and the trunk port/vlan.

You should only need to configure static ARP entries on any router devices connected to the cluster.
Avatar of KingPez

ASKER

Frabble:  So just to clear it up . . . Switch 1 and 2 are in a stack.  Let's say cluster WatchGuard member1 is in port 19 of switch1 and WG member 2 is on port 20 of switch2.  Both ports in same VLAN 1.

So I assign static Mac entries to sw1 port 19 and sw2 port 20.  Is that it?  Only two places?  You mentioned a trunk/vlan?

Thanks again.
ASKER CERTIFIED SOLUTION
Avatar of Frabble
Frabble
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
Avatar of KingPez

ASKER

Thanks Frabble