Mac-address on multiple context ASA deployment

Unanswered Question
Jun 21st, 2010
User Badges:

hi,


the other day i was watching the firewall design and deployment session of cisco networkers 2009 with mason harris. one of the topics he was talking about is how the same mac-address is assigned to shared interfaces in multiple context deployment with the ASA, he said that a problem could arise since "switches dont like that", according to him switches dont like to see the same mac-address assigned to multple contexts. Im trying to figure out what is exactly the problem with the switch connected to an ASA with multiple context but i havent found a good reason of why there is an issue with this; i know there are issues when internal traffic is trying to reach external traffic, for example the internet, and there is not static or xlate entries available for the classifer to make a decision about with context should get the traffic.


I would like to find an answer for this since im working on my SNAF exam right now, or maybe i misunderstood something about what he said.


thanks all for your replies.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Marcin Latosiewicz Mon, 06/21/2010 - 12:58
User Badges:
  • Cisco Employee,

Fernando,


I'm not sure of the context. Care to point me to the presentation?


The problem with sharing an interface among contexts is "how to differentiate which context this traffic should go to if all contexts have same mac address?" answer is classifier - oh-so-useful on FWSM, while ASA has mac-address auto.


Marcin

fernando.vs Tue, 06/22/2010 - 05:35
User Badges:

thanks for the replay marcin,


im totally agree with you, the main issue is with the classifier, however in the presentation it was mencioned an issue with switches that as i said before according to the presentation there is some problem that all contexts share the same mac-address as the physical interface, maybe i misunderstood something i dont know, maybe checking the presentation can help solve the problem.

Marcin Latosiewicz Tue, 06/22/2010 - 08:02
User Badges:
  • Cisco Employee,

Fernando,


Do you have the presentation at hand somewhere, I have not participated


Marcin

fernando.vs Wed, 06/23/2010 - 07:47
User Badges:

actually i do, but its a 1.2 GB video so its difficulty to share.


anyway if you have the chance to  watch this presentation someday i will apreciate your comments about it. I'm going to try some lab research when i have hardware available and see what happens, ill try to share the results in case i found something.


thanks again for the help!

Actions

This Discussion