09-15-2008 09:31 AM
Hello,
When enabling OSPF on our ISG interfaces I started getting these errors/warnings about IP spoofing in the logs.
It seems like the cluster member (secondary) sees the OSPF multicast messages sent by the cluster primary and logs the spoofing alert. Any ideas why that is happening and how I can get it fixed so that the devices won't alert on these OSPF multicast messages?
Device isg1000 Details [Root]system-alert-00008: IP spoofing! From 10.1.1.1 to 224.0.0.5, proto 89 (zone Client int ethernet1/1.1). Occurred 1 times.
09-16-2008 07:47 AM - edited 09-16-2008 07:48 AM
1. Is the cluster set up as Active/Passive?
2. Is it VSD-less (i.e. is the command 'unset nsrp vsd-group id 0' configured)?
3. Is it a new setup or has it been up and running for a period of time?
4. Who is the real owner of 10.1.1.1?
The output of the following will help determine the next step:
get nsrp
get config | inc nsrp
get int <int_name> (do this for the interface on which you're enabling OSPF, on both firewalls)
Regards,
Josine
09-16-2008 11:37 AM
Hello,
The cluster is set up as active/active, it's not VSD-less, and "unset nsrp vsd-group 0" is not configured. The setup is a "normal" one in that the two devices have been configured with "set nsrp cluster id 1" and the default vsd-group 0 has been used. The cluster has been running for a while. The real owner of 10.1.1.1 is the cluster master; it's the NSRP address on that interface.
Here is the output of the commands you requested:
isgcluster:isgcluster01(M)-> get nsrp
nsrp version: 2.0
cluster info:
cluster id: 1, name: isgcluster
local unit id: 6361344
active units discovered:
index: 0, unit id: 6361344, ctrl mac: 001bc061110a, data mac: 001bc061110a
index: 1, unit id: 6350976, ctrl mac: 001bc060e88a, data mac: 001bc060e88a
total number of units: 2
VSD group info:
init hold time: 5
heartbeat lost threshold: 3
heartbeat interval: 1000(ms)
master always exist: enabled
group priority preempt holddown inelig master PB other members
0 95 yes 3 no myself 6350976
total number of vsd groups: 1
Total iteration=3617611,time=1089271752,max=215660,min=4
RTO mirror info:
run time object sync: enabled
ping session sync: enabled
coldstart sync done
nsrp data packet forwarding is enabled
nsrp link info:
control channel: ethernet1/4 (ifnum: 10) mac: 001bc061110a state: up(probe)
data channel: ethernet1/4 (ifnum: 10) mac: 001bc061110a state: up(probe)
ha secondary path link not available
NSRP encryption: disabled
NSRP authentication: disabled
device based nsrp monitoring threshold: 255, weighted sum: 0, not failed
device based nsrp monitor interface:
device based nsrp monitor zone:
device based nsrp track ip: (weight: 255, disabled)
number of gratuitous arps: 4 (default)
config sync: enabled
track ip: disabled
isgcluster:isgcluster01(M)->
isgcluster:isgcluster01(M)-> get config | inc nsrp
set nsrp cluster id 1
set nsrp cluster name isgcluster
set nsrp rto-mirror sync
set nsrp rto-mirror session ageout-ack
set nsrp rto-mirror session non-vsi
set nsrp vsd-group master-always-exist
set nsrp vsd-group id 0 priority 95
set nsrp vsd-group id 0 preempt
set nsrp ha-link probe
isgcluster:isgcluster01(M)-> get int eth1/3.6
Interface ethernet1/3.6(VSI):
description ethernet1/3.6
number 9, if_info 72120, if_index 6, VLAN tag 500, mode route
link up, phy-link up/full-duplex
vsys Root, zone Client, vr trust-vr, vsd 0
*ip 10.1.1.1/29 mac 0010.dbff.2090
manage ip 10.1.1.2, mac 001b.c061.1109
route-deny disable
pmtu-v4 disabled
ping enabled, telnet disabled, SSH enabled, SNMP enabled
web enabled, ident-reset disabled, SSL enabled
DNS Proxy disabled, webauth disabled, webauth-ip 0.0.0.0
OSPF enabled BGP disabled RIP disabled RIPng disabled
NSGP disabled mtrace disabled
PIM: not configured IGMP not configured
bandwidth: physical 0Mbps, configured 0Mbps
DHCP-Relay disabled
Number of SW session: 261100, hw sess err cnt 0
Any ideas on why the cluster secondary is logging those OSPF multicasts?
Regards,
Kim H
09-16-2008 03:13 PM
Kim H,
Thank you for the info.
What is your ScreenOS version?
What's interesting to me is that OSPF is enabled on FW1 on interface eth1/3.6. However, the message you're getting is from eth1/1.1 on FW2:
Device isg1000 Details [Root]system-alert-00008: IP spoofing! From 10.1.1.1 to 224.0.0.5, proto 89 (zone Client int ethernet1/1.1). Occurred 1 times.
The error started occurring when you enabled OSPF on eth1/3.6 on FW2?
At this point, a network diagram and the configs are needed for both firewalls. I would open a case with JTAC.
Regards,
Josine
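As an added triage example (not part of the thread or of any Juniper tooling), a small Python parser for the ScreenOS IP-spoofing alert quoted above that separates OSPF hellos sourced from the cluster's own VSI address from alerts that warrant a genuine spoofing investigation, and flags the interface mismatch Josine points out. The VSI address set and the OSPF interface list are assumptions taken from the values in the thread, and the second log line in the sample is constructed.

```python
import re
from collections import Counter

# Regex written against the ScreenOS alert quoted in this thread (other releases may differ).
SPOOF_RE = re.compile(
    r"system-alert-00008: IP spoofing! From (?P<src>[\d.]+) to (?P<dst>[\d.]+), "
    r"proto (?P<proto>\d+) \(zone (?P<zone>\S+) int (?P<iface>\S+)\)"
    r"(?:\. Occurred (?P<count>\d+) times)?"
)
OSPF_PROTO = 89                           # IP protocol number for OSPF
OSPF_GROUPS = {"224.0.0.5", "224.0.0.6"}  # AllSPFRouters, AllDRouters

def parse_spoof_alert(line):
    """Return the fields of one IP-spoofing alert, or None for other lines."""
    m = SPOOF_RE.search(line)
    if not m:
        return None
    fields = m.groupdict()
    fields["proto"] = int(fields["proto"])
    fields["count"] = int(fields["count"] or 1)
    return fields

def classify(alert, cluster_vsi_ips, ospf_ifaces):
    """Triage label. cluster_vsi_ips: VSI addresses owned by the NSRP VSD group;
    ospf_ifaces: interfaces on which OSPF is actually enabled."""
    if (alert["proto"] == OSPF_PROTO and alert["dst"] in OSPF_GROUPS
            and alert["src"] in cluster_vsi_ips):
        if alert["iface"] in ospf_ifaces:
            return "ospf-hello-from-cluster-vsi"
        # Logged on an interface without OSPF, as in the thread (eth1/1.1 vs eth1/3.6)
        return "ospf-hello-from-cluster-vsi-unexpected-interface"
    return "needs-investigation"

def triage(lines, cluster_vsi_ips, ospf_ifaces):
    """Sum alert counts per triage label over a batch of log lines."""
    counts = Counter()
    for line in lines:
        alert = parse_spoof_alert(line)
        if alert:
            counts[classify(alert, cluster_vsi_ips, ospf_ifaces)] += alert["count"]
    return counts

# Constructed sample: line 1 is the alert quoted in the thread, line 2 a made-up non-OSPF alert.
SAMPLE_LOG = [
    "Device isg1000 Details [Root]system-alert-00008: IP spoofing! From 10.1.1.1 "
    "to 224.0.0.5, proto 89 (zone Client int ethernet1/1.1). Occurred 1 times.",
    "Device isg1000 Details [Root]system-alert-00008: IP spoofing! From 10.1.1.9 "
    "to 10.1.1.1, proto 6 (zone Client int ethernet1/1.1). Occurred 3 times.",
]
```

Running `triage(SAMPLE_LOG, {"10.1.1.1"}, {"ethernet1/3.6"})` puts the thread's alert in the "unexpected interface" bucket, which is the clue to follow up with `get nsrp` and `get int` on both members rather than treating it as a spoofing attempt.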
09-18-2008 10:05 PM