Switch drops Check Point CCP packets when CCP is working in multicast mode

Support Center > Search Results > SecureKnowledge Details

Technical Level

Solution ID	sk115142
Technical Level
Product	ClusterXL, Cluster - 3rd-party
Version	All
Platform / Model	All
Date Created	03-Jan-2017
Last Modified	16-Jul-2018

Symptoms

Output of "cphaprob state" command shows that Cluster state of members is "Active Attention" and "Down".
Output of "cphaprob -a if" command shows that specific interfaces are "Down".
Traffic capture of CCP packets (UDP port 8116) on the problematic interfaces shows that CCP packets are not received from peer members.
Changing the CCP mode from Multicast to Broadcast per sk20576 resolves the issue.

Cause

Check Point CCP packets are not able to pass through the switch when CCP is working in multicast mode (by default, the destination IP address of CCP packets is broadcast IP address for the relevant subnet).

Some switches (e.g., Nexus 7000) do not allow traffic that is sent with multicast MAC address, but non-multicast IP address (224.0.0.0 - 239.255.255.255).

Solution

Note: To view this solution you need to Sign In .