Port channel MAC Address for two IPs in ASA

Nov 22nd, 2013

I have two Cisco ASA 55xx series firewalls. These two are in HA mode. Firewall01 has two ports connecting to Nexus 55XX Switch 01, and these are in a port channel. Firewall02 has two ports connecting to Nexus 55XX Switch 02, and these are in a port channel. VLAN 10 with subnet 10.10.10.0/28.


Nexus SW01 : VLAN 10 with HSRP

For the firewalls' VLAN 10, the gateway is the HSRP IP address.


SW01 : 10.10.10.2

SW02 : 10.10.10.3

HSRP IP : 10.10.10.1


FW01 : 10.10.10.4

FW02 : 10.10.10.5


Problem: I am not able to ping the firewall IPs from the Nexus switches.


When I checked the ARP entries for the firewalls' IPs, I observed in the ARP table that both firewall IPs have the same MAC address. I checked that MAC address on the firewall; it is the port-channel MAC address on the firewall.


I am thinking this is an issue (same MAC address for both IPs). How do I resolve this issue?



Thanks

Venkat

Marvin Rhoads Sat, 11/23/2013 - 09:42
Generally speaking the firewalls' portchannels should each have a unique MAC address. By default it should be the lowest numbered channel group interface MAC address as the port-channel MAC address. (Reference)


When failover occurs, a gratuitous ARP should establish the newly active ASA as associated with the proper address.


Since you mentioned having a Nexus core, you aren't running a VPC for the portchannel are you? Also, are you using the NX-OS arp synchronize feature? (Reference)

venkateshwarlut Sun, 11/24/2013 - 23:54
Hi Marvin,

I am not using vPC for this port channel.
