Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1164
Views
9
Helpful
4
Replies

MAC Sticky

corey
Level 1
Level 1

‎06-16-2010 09:09 AM

We've been having an issue where after rebooting our ACE, our websites don't come back online.  I finally figured out that it's because the MAC address changes every time and we end up needing to clear the ARP cache on our ASA to get things back online.  Will enabling "MAC sticky" resolve our issue on our web VLAN interface?  It sounds like it will, but would like to be sure.

Thanks!

Labels:
0 Helpful
4 Replies 4

Sean Merrow
Level 4
Level 4

‎06-17-2010 06:05 AM

The purpose of mac-sticky is in case you have more than one gateway in front of the ACE, the ACE will a
lways send the server's response back to the same gateway from which it received the client's request.  So I'm not sure that this will solve your problem.

Are you using a pair of redundanct ACE?  If so, you should configure an alias IP on the ACE's interface, which will have a MAC address that won't change regardless of which ACE is active.  It is this IP address that the firewall would use as a next-hop.

Hope this helps,

Sean

corey
Level 1
Level 1
In response to Sean Merrow

‎06-17-2010 06:50 AM

Thanks for the reply Sean!

We only have one ACE.  Based on the ACE MAC Address Allocation PDF that you wrote, I think the MAC is changing on each reboot because we're using shared VLANs between contexts.  I'd really like the MAC to not change on reboot, any other thoughts?

0 Helpful

Sean Merrow
Level 4
Level 4
In response to corey

‎06-17-2010 07:27 AM

Ah...I think I know what's happening.  Set the shared-vlan-hostid in the Admin context.  If you ever add a redundant ACE, be sure to set the peer shared-vlan-hostid to a different number between 1-16.

shared-vlan-hostid 5

peer shared-vlan-hostid 6

Since you don't have a redundant ACE, you can skip the peer line above.

By default, the ACE will randomly choose a number upon each boot up.  This force the ACE to use the same hostid each boot.  This is covered on page 4 in the doc under the Shared VLANs section.

Hope this helps,

Sean

corey
Level 1
Level 1
In response to Sean Merrow

‎06-17-2010 07:54 AM

The way I read that was that by setting the shared-vlan-hostid would still have a dynamic MAC, but it would just pull from a consistent pool of addresses.  But you're saying the MAC will stay consistent?  Thanks for verifying!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents