Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

ASA Virtual MAC issue

i have a failover pair of ASA 5520 running ver 8.2. When the primary fails the secondary gets to use primarys Ip and mac address. If the  new primary is now re-booted i lose network connectivity. This is because its now using its burned-in mac address. The question i have is this...can i once the seconday has become the primary use the "mac-address" command on the interfaces and assign it the virtual mac address that is being used at present.This is so that when this box is rebooted it will use this mac address and not cause any network issues.?

3 REPLIES
Cisco Employee

Re: ASA Virtual MAC issue

Yes, you can definitely use the virtual MAC address to prevent the network outage as described.

Here is a little further explaination of the virtual MAC address for your reference:

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/ha_active_standby.html#wp1097271

Hope that answers your question.

Cisco Employee

Re: ASA Virtual MAC issue

Hello,

You can just use the virtual MAC instead of real MAC for the failover setup.

Failover mac address 00C1.1111.1111 00C1.2222.2222

In this example, the active device will assume the MAC of 00C1.1111.1111 for the interface and the standby will assume the other MAC. When the failover happens, the new active device takesover the MAC. In this way, even if the other device comes up, it will either use its burned in MAC or the secondary MAC.

Hope this helps.

Regards,

NT

Community Member

Re: ASA Virtual MAC issue

Will it cause issues if the burned in mac addresses are used as the virtual mac addresses? Or will the cause issues in the case where the secondary comes up first and assumes the active state using the mac addresses off the primary? Some delay in applying the virtual mac addresses or something on the primary?

Or is it a better idea to define your own random mac addresses and use those instead as the virtual mac addresses?

1001
Views
0
Helpful
3
Replies
CreatePlease to create content