Configuration Guide User guide
836 FastIron Configuration Guide
53-1002494-02
Multi-Chassis Trunking Overview
22
• Ingress ACLs on all MCT ports. Egress ACLs are supported only on MCT CEPs or ICL ports.
Egress ACLs are not supported on MCT CCEPs.
• QoS and MAC filters and profiles with the same configuration on both cluster devices.
• IPv4 ACLs and rate limits. If the rules are applied on the CCEPs, the same rules must be
applied to the CCEP ports on both cluster devices.
• Layer 3 Routing. VE with IP address assignment is supported on CCEPs for VRRP. However,
routing protocols are not enabled on CCEPs.
• Static multi-port MAC.
• Port MAC security, multi-port authentication, and 802.1X, only on CEPs.
• Static MAC address configuration. Static MAC addresses are programmed on both local and
remote peers as static entries.
• DAI and DHCP snooping for clients connected through CEPs. They must be configured
independently on both cluster devices.
• If the trusted ports are off the CCEP, the arp inspection trust or dhcp snoop trust command
must be used on the CCEPs and ICL ports.
• DHCP and ARP entries are created on both MCT cluster devices if the flow traverses both
the CCEP and ICL.
• Hitless failover. If the failover operation is performed with a cluster configuration, the TCP
session is reestablished. The MAC addresses from the cluster peer devices will be revalidated
and programmed accordingly.
• Hitless upgrade. If the upgrade operation is performed with a cluster configuration, the TCP
session is reestablished. The MAC addresses from the cluster peer devices will be revalidated
and programmed accordingly.
The following FastIron features are not supported with MCT:
• LACP on ICL.
• MSTP, VSRP, RIP, OSPF, IS-IS, and BGP.
• IPv6, VRRP-E (IPv6), and VRRPv3.
• GRE on the ICL VE interfaces.
• DAI on the CCEPs.
• Host security features (port MAC security, multi-port authentication, 802.1X, DAI, DHCP
snooping) on CCEPs.
• Multi-port ARP on ICL or CCEPs.
• Web authentication on MCT VLANs.