Configuring Virtual MAC Addresses on ASA

SATORU SAEGUSA · ‎07-22-2012

Hello,

I configure the virtual MAC address for a interface on ASA 5520, will enter the following command on the active unit:

failover mac address Inside 0012.3456.789a 0023.4567.89ab

The active MAC address is of the same as the Inside's burned-in MAC address of the active unit.
Similarly, the standby MAC address is of the same as the Inside's burned-in MAC address of the standby unit.
Do I get the effect of failover mac address command?

Thank you for your cooperation in advance.

Ramraj Sivagnanam Sivajanam · ‎07-22-2012

Hi Bro

That’s fine really. There’s nothing wrong if you’ve configured the active MAC address the same as the Inside's burned-in MAC address of the active unit.

In an Active/Standby failover, the MAC addresses for the primary unit are always associated with the active IP addresses. If the secondary unit boots first and becomes active, it uses the burned-in MAC address for its interfaces. When the primary unit comes online, the secondary unit obtains the MAC addresses from the primary unit. The change can disrupt network traffic.

You can configure virtual MAC addresses for each interface to ensure that the secondary unit uses the correct MAC addresses when it is the active unit, even if it comes online before the primary unit. If you do not specify virtual MAC addresses the failover pair uses the burned-in NIC addresses as the MAC addresses.

P/S: If you think this comment is useful, please do rate them nicely :-)

Warm regards,
Ramraj Sivagnanam Sivajanam