Auto Mac feature for shared interfaces on ASA context

sidcracker
Level 1

Hi All,

I am configuring a shared outside interface on all the contexts. I have read in the document that I have to enable the auto MAC feature for the traffic to return to the context.

So please tell me if I am correct here.

When defining a context in the system context, I have to add some extra commands as follows:

context CTX1

allocate-interface GigabitEthernet0/0.1 outside_customerA
mac-address auto GigabitEthernet0/0.1 a2d2.0400.11bc a2d2.0400.11bd

allocate-interface GigabitEthernet0/1.50 inside_customerA

allocate-interface GigabitEthernet0/2.60 dmz_customerA

context CTX2
allocate-interface GigabitEthernet0/0.1 outside_customerA
mac-address auto GigabitEthernet0/0.1 b2e2.0500.22bc b2e2.0500.22bd

allocate-interface GigabitEthernet0/1.51 inside_customerB

allocate-interface GigabitEthernet0/2.61 dmz_customerB

So in the above configuration, the outside interface, as you can see, is shared between 2 contexts but the MAC address is different. So would this be an ideal config to implement in a production environment? Please give me your thoughts and suggestions for the best way to implement this.

Thanks

Kureli Sankar
Cisco Employee

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/m.html#wp2043127

A sample like what you have (shared interface between contexts) is in the above link.

-KS

Hi Kusankar,

Thanks for your reply. Is there a way to configure the MAC Addresses without actually explicitly mentioning it in the context. Can the ASA automatically allocate it?

Thanks

Yes you can do that with the global command

mac-address auto

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/m.html#wp2043127

4. mac-address auto command in global configuration mode (multiple context mode only).

mac-address auto

Auto-generates MAC addresses (active and standby) for shared interfaces in multiple context mode.

-KS

Kusankar,

I just read that. Now say I have 4 sub interfaces assigned to each context and I have 10 contexts. Out of the 4 subinterfaces, only the outside subinterface is a shared interface used by all contexts. Rest have different vlans and subnets.

Now if I issue the command "mac-address auto" on each context, how will it know which subinterface to automatically generate the MAC address for?

Thanks

Accepted Solution

That command goes in the system space (global command).

It will auto generate MAC addresses for all the interfaces in all the contexts. If you look at the command mode, you can configure the command only in system space in multiple context mode.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode | Firewall Mode: Routed | Firewall Mode: Transparent | Security Context: Single | Security Context: Multiple, Context | Security Context: Multiple, System
Global configuration | | | | |

-KS
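
An added example, not part of the thread and not Cisco's code: a small audit that reads a saved system execution space configuration, lists interfaces allocated to more than one context, and reports whether the global `mac-address auto` command is present. The function name and sample config are constructed; it assumes context subcommands are indented as in `show running-config` output and does not expand `allocate-interface` ranges.

```python
from collections import defaultdict

# Constructed sample of a system execution space config (not from the thread's device).
SAMPLE_SYSTEM_CONFIG = """\
mac-address auto
!
context CTX1
 allocate-interface GigabitEthernet0/0.1 outside_customerA
 allocate-interface GigabitEthernet0/1.50 inside_customerA
 allocate-interface GigabitEthernet0/2.60 dmz_customerA
!
context CTX2
 allocate-interface GigabitEthernet0/0.1 outside_customerB
 allocate-interface GigabitEthernet0/1.51 inside_customerB
 allocate-interface GigabitEthernet0/2.61 dmz_customerB
"""


def audit_shared_interfaces(system_config: str) -> dict:
    """Find interfaces shared by several contexts and check for global auto MAC."""
    auto_mac = False
    current_context = None
    users = defaultdict(set)  # interface -> contexts it is allocated to
    for raw in system_config.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("!"):
            continue
        words = line.split()
        if not line[0].isspace():
            # Top-level line: a new context stanza or a global command.
            is_ctx = words[0] == "context" and len(words) > 1
            current_context = words[1] if is_ctx else None
            if words[:2] == ["mac-address", "auto"]:
                auto_mac = True
        elif current_context and words[0] == "allocate-interface" and len(words) > 1:
            users[words[1]].add(current_context)
    shared = {i: sorted(c) for i, c in users.items() if len(c) > 1}
    return {
        "mac_address_auto": auto_mac,
        "shared": shared,
        # Manual per-context MACs live inside each context's own config and are
        # not visible here, so these entries need a look, not an automatic fail.
        "needs_review": [] if auto_mac else sorted(shared),
    }


if __name__ == "__main__":
    print(audit_shared_interfaces(SAMPLE_SYSTEM_CONFIG))
```
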
