Cisco Support Community
Community Member

FW in VSS Environment

Working in a VSS environment, one firewall in each Catalyst, configured with two contexts in an Active/Passive scenario. One VLAN exists between the two contexts, but there is no communication between the contexts over the VLAN. ARP is showing the same MAC address on two different VLANs and in two different contexts.

Context APP:

Inside 001b.380c.7e4c

Inside 001b.380c.7e4c

Inside 001b.380d.0357

DMZ.NMS 0023.334d.e3bc

DMZ.NMS 0023.334d.e37c

Outside.INT 0024.971f.4900

Outside.EDN 0025.45f4.7000

Outside.EDN 0024.971f.4900

Context INT

Outside.INT 0013.c34d.1ad0

Inside.INT 0024.971f.4d00

Inside.INT 0024.971f.4900

Inside.EDN 0024.971f.4900

Inside.EDN 0025.45f4.7000

DMZ2 0014.5e18.a042

The same MAC address entry appears on security interfaces Outside.EDN, Outside.INT, Inside.INT and Inside.EDN.

Cisco Employee

Re: FW in VSS Environment

What is the question?

FWSM only has one MAC address. So, you will see the same MAC address on all the vlans. Since the interface is shared between the two contexts you will see the same MAC there as well.

When you share the outside interface, then you have to make sure to translate the inside networks.

When you share the inside interface, you need to translate the outside network (this gets ugly if the outside interface faces the internet).

Pls. read below:

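Added example, not part of the thread above: a short Python script that groups the ARP entries from the question by MAC address and reports the ones learned on more than one interface or context, which is how the shared-interface overlap described in the reply shows up in the data. The function names are hypothetical; the listing is copied from the question.

```python
from collections import defaultdict

# ARP listing copied from the question (interface name, MAC address).
ARP_LISTING = """\
Context APP:
Inside 001b.380c.7e4c
Inside 001b.380c.7e4c
Inside 001b.380d.0357
DMZ.NMS 0023.334d.e3bc
DMZ.NMS 0023.334d.e37c
Outside.INT 0024.971f.4900
Outside.EDN 0025.45f4.7000
Outside.EDN 0024.971f.4900
Context INT
Outside.INT 0013.c34d.1ad0
Inside.INT 0024.971f.4d00
Inside.INT 0024.971f.4900
Inside.EDN 0024.971f.4900
Inside.EDN 0025.45f4.7000
DMZ2 0014.5e18.a042
"""

def parse_arp(text):
    """Return {mac: set of (context, interface)} from the listing."""
    seen = defaultdict(set)
    context = None
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        if parts[0] == "Context":
            context = parts[1].rstrip(":")
        elif len(parts) == 2 and context is not None:
            iface, mac = parts
            seen[mac.lower()].add((context, iface))
    return seen

def shared_macs(seen):
    """MACs learned on more than one interface, mapped to sorted locations."""
    return {mac: sorted(locs) for mac, locs in seen.items() if len(locs) > 1}

def cross_context(shared):
    """Subset of shared MACs that appear in more than one context."""
    return {m: l for m, l in shared.items() if len({c for c, _ in l}) > 1}

if __name__ == "__main__":
    for mac, locs in sorted(cross_context(shared_macs(parse_arp(ARP_LISTING))).items()):
        print(mac, "->", ", ".join(f"{c}/{i}" for c, i in locs))
```

The duplicate `Inside 001b.380c.7e4c` line in context APP collapses to one location, so it is not reported as shared.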