ASA Virtual MAC issue

Unanswered Question
Jul 11th, 2010

i have a failover pair of ASA 5520 running ver 8.2. When the primary fails the secondary gets to use primarys Ip and mac address. If the  new primary is now re-booted i lose network connectivity. This is because its now using its burned-in mac address. The question i have is this...can i once the seconday has become the primary use the "mac-address" command on the interfaces and assign it the virtual mac address that is being used at present.This is so that when this box is rebooted it will use this mac address and not cause any network issues.?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Nagaraja Thanthry Sun, 07/11/2010 - 20:22

Hello,

You can just use the virtual MAC instead of real MAC for the failover setup.

Failover mac address 00C1.1111.1111 00C1.2222.2222

In this example, the active device will assume the MAC of 00C1.1111.1111 for the interface and the standby will assume the other MAC. When the failover happens, the new active device takesover the MAC. In this way, even if the other device comes up, it will either use its burned in MAC or the secondary MAC.

Hope this helps.

Regards,

NT

ben.wiechman Fri, 08/13/2010 - 09:18

Will it cause issues if the burned in mac addresses are used as the virtual mac addresses? Or will the cause issues in the case where the secondary comes up first and assumes the active state using the mac addresses off the primary? Some delay in applying the virtual mac addresses or something on the primary?

Or is it a better idea to define your own random mac addresses and use those instead as the virtual mac addresses?

Actions

This Discussion