Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

ASA -- mac address & FT groups

I have a question regarding "mac address" command under "failover group"

If I am using 4 contexts (Context-A, Context-B, Context-C, Context-D)

and each context has 4 subinterfaces assigned out of which "outside interface is shared by all contexts"

What will be impact of the following commands

failover group 1

mac address Ethernet0 0000.1111.2222 0000.1111.2223

failover group 2

mac address Ethernet0 0000.2222.3333 0000.2222.3334

(Context-A & context-B are in FT Group 1 & remaining contexts are in FT Group 2)

I understand that "mac address auto" command will take care of the shared outside interface by automatically

assigning unique MAC addresses to the shared interfaces in the contexts.

My question is about the non-shared interface. What Mac addresses will get assigned to these interfaces

with the commands I mentioned above.

Q1. Will the MAC address "0000.1111.2222" configured under "FT group 1" will get assigned to "all the

interfaces" allocated to all the contexts assigned to "FT group 1". ?

Q2. What is the significance of standby mac address in this command? Will these addresses be switched

during a failover

I would appreciate if someone can show me the "CLI outputs" on ASAs to make things clear.

Thanks in Advance

A.

1 REPLY
Community Member

Re: ASA -- mac address & FT groups

The standby Mac address is used to avoid having duplicate MAC addresses in the network, by assigning each physical interface a virtual active and standby MAC address.When Failover occurs the Active MAC address gets swithced form the device which was active before failover to the device which is active after failover.Similarly the static MAC address gets switched from the standby device before faiover to the standby device after faiover.thus the Active Mac address is always present with the active device and the Static MAC Address is present with the standyby device always.

334
Views
0
Helpful
1
Replies
CreatePlease to create content