Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
726
Views
0
Helpful
4
Replies

Mac-address on multiple context ASA deployment

fernando.vs
Level 1
Level 1

‎06-21-2010 09:07 AM - edited ‎03-11-2019 11:01 AM

hi,

the other day i was watching the firewall design and deployment session of cisco networkers 2009 with mason harris. one of the topics he was talking about is how the same mac-address is assigned to shared interfaces in multiple context deployment with the ASA, he said that a problem could arise since "switches dont like that", according to him switches dont like to see the same mac-address assigned to multple contexts. Im trying to figure out what is exactly the problem with the switch connected to an ASA with multiple context but i havent found a good reason of why there is an issue with this; i know there are issues when internal traffic is trying to reach external traffic, for example the internet, and there is not static or xlate entries available for the classifer to make a decision about with context should get the traffic.

I would like to find an answer for this since im working on my SNAF exam right now, or maybe i misunderstood something about what he said.

thanks all for your replies.

Labels:
0 Helpful
4 Replies 4

Marcin Latosiewicz
Cisco Employee
Cisco Employee

‎06-21-2010 12:58 PM

Fernando,

I'm not sure of the context. Care to point me to the presentation?

The problem with sharing an interface among contexts is "how to differentiate which context this traffic should go to if all contexts have same mac address?" answer is classifier - oh-so-useful on FWSM, while ASA has mac-address auto.

Marcin

0 Helpful

fernando.vs
Level 1
Level 1
In response to Marcin Latosiewicz

‎06-22-2010 05:35 AM

thanks for the replay marcin,

im totally agree with you, the main issue is with the classifier, however in the presentation it was mencioned an issue with switches that as i said before according to the presentation there is some problem that all contexts share the same mac-address as the physical interface, maybe i misunderstood something i dont know, maybe checking the presentation can help solve the problem.

0 Helpful

Marcin Latosiewicz
Cisco Employee
Cisco Employee
In response to fernando.vs

‎06-22-2010 08:02 AM

Fernando,

Do you have the presentation at hand somewhere, I have not participated

Marcin

0 Helpful

fernando.vs
Level 1
Level 1
In response to Marcin Latosiewicz

‎06-23-2010 07:47 AM

actually i do, but its a 1.2 GB video so its difficulty to share.

anyway if you have the chance to  watch this presentation someday i will apreciate your comments about it. I'm going to try some lab research when i have hardware available and see what happens, ill try to share the results in case i found something.

thanks again for the help!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card