When the secondary comes up first and the primary is not available it will use its own mac address and not that of the primary. When the primary comes up the mac address will be updated to be that of the primary causing a short interruption. The recommendation is to configure a virtual mac address (https://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/failover.html#wp1073913) so that this does not happen.

Instead of inventing a set of mac addresses to use (and hoping that at some point there won't be duplication, etc) if it would cause issues to just use the actual physical mac addresses and configure those as the virtual mac addresses.

Hey Ben,

I would think this will not cause problems. Since the virtual MACs will take precedence over the actual MAC addresses, even if we have the actual MAC addresses aas the virtual MACs, there shouldn't be a problem. But i must tell you that I have not really tried this before and also, the probabilities of duplication if you use invented virtual MAC addresses are really low

Thanks,

Prapanch

I couldn't think of any reason why it wouldn't work, just wondered if anyone had tried it and ran into something goofy.

Thanks

I think i will leave it for someone who has tried this to answer it if there can be any glitches. But my thought too is that it should work just fine. If you manage to try it out, let us know how it goes.

Thanks and Regards,

Prapanch

I would like to do the same and set the virtual MAC address as the real MAC address of the current active unit.  My reason is the ISP is very unresponsive (>4 hours) to clear their arp table which makes it difficult to plan sme future upgrades.

Has anyone set the virtual to be the same as the real MAC address?

Wanted to clarify this answer - the syntax for defining the failover mac addresses is 'failover mac address <interface> <active mac> <standby mac>'

And yes you can use the interface physical MAC addresses when using the failover syntax.