MAC Sticky

Unanswered Question
Jun 16th, 2010

We've been having an issue where after rebooting our ACE, our websites don't come back online.  I finally figured out that it's because the MAC address changes every time and we end up needing to clear the ARP cache on our ASA to get things back online.  Will enabling "MAC sticky" resolve our issue on our web VLAN interface?  It sounds like it will, but would like to be sure.


Thanks!

Sean Merrow Thu, 06/17/2010 - 06:05

The purpose of mac-sticky is in case you have more than one gateway in front of the ACE, the ACE will always send the server's response back to the same gateway from which it received the client's request.  So I'm not sure that this will solve your problem.


Are you using a pair of redundant ACEs?  If so, you should configure an alias IP on the ACE's interface, which will have a MAC address that won't change regardless of which ACE is active.  It is this IP address that the firewall would use as a next-hop.


Hope this helps,

Sean

corey@networks-... Thu, 06/17/2010 - 06:50

Thanks for the reply Sean!


We only have one ACE.  Based on the ACE MAC Address Allocation PDF that you wrote, I think the MAC is changing on each reboot because we're using shared VLANs between contexts.  I'd really like the MAC to not change on reboot, any other thoughts?

Sean Merrow Thu, 06/17/2010 - 07:27

Ah...I think I know what's happening.  Set the shared-vlan-hostid in the Admin context.  If you ever add a redundant ACE, be sure to set the peer shared-vlan-hostid to a different number between 1-16.


shared-vlan-hostid 5

peer shared-vlan-hostid 6


Since you don't have a redundant ACE, you can skip the peer line above.


By default, the ACE will randomly choose a number upon each boot up.  This forces the ACE to use the same hostid each boot.  This is covered on page 4 in the doc under the Shared VLANs section.


Hope this helps,

Sean

corey@networks-... Thu, 06/17/2010 - 07:54

The way I read that was that by setting the shared-vlan-hostid we would still have a dynamic MAC, but it would just pull from a consistent pool of addresses.  But you're saying the MAC will stay consistent?  Thanks for verifying!
