We've been having an issue where after rebooting our ACE, our websites don't come back online. I finally figured out that it's because the MAC address changes every time and we end up needing to clear the ARP cache on our ASA to get things back online. Will enabling "MAC sticky" resolve our issue on our web VLAN interface? It sounds like it will, but would like to be sure.
The purpose of mac-sticky is in case you have more than one gateway in front of the ACE, the ACE will a lways send the server's response back to the same gateway from which it received the client's request. So I'm not sure that this will solve your problem.
Are you using a pair of redundanct ACE? If so, you should configure an alias IP on the ACE's interface, which will have a MAC address that won't change regardless of which ACE is active. It is this IP address that the firewall would use as a next-hop.
We only have one ACE. Based on the ACE MAC Address Allocation PDF that you wrote, I think the MAC is changing on each reboot because we're using shared VLANs between contexts. I'd really like the MAC to not change on reboot, any other thoughts?
The way I read that was that by setting the shared-vlan-hostid would still have a dynamic MAC, but it would just pull from a consistent pool of addresses. But you're saying the MAC will stay consistent? Thanks for verifying!
This document will provide screenshots to outline the steps to setup
TACACS+ configuration to ACI and also the configuration required on
Cisco ACS server. Please find the official Cisco guide for configuring
TACACS+ Authentication to ACI:
Is it supported or NOT supported? It's a frequently asked question.
Before APIC, release 2.3(1f), transit routing was not supported within a
single L3Out profile. In APIC, release 2.3(1f) and later, you can
configure transit routing with a single L3Out pr...
Cisco Documents are usually accurate, but when it came to the document
on Cisco APIC Signature-Based Transactions it was slightly off the mark.
This document is for those novices to API like me who cant seem to
figure out how to go about performing signat...