Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Mac-address on multiple context ASA deployment

hi,

the other day i was watching the firewall design and deployment session of cisco networkers 2009 with mason harris. one of the topics he was talking about is how the same mac-address is assigned to shared interfaces in multiple context deployment with the ASA, he said that a problem could arise since "switches dont like that", according to him switches dont like to see the same mac-address assigned to multple contexts. Im trying to figure out what is exactly the problem with the switch connected to an ASA with multiple context but i havent found a good reason of why there is an issue with this; i know there are issues when internal traffic is trying to reach external traffic, for example the internet, and there is not static or xlate entries available for the classifer to make a decision about with context should get the traffic.

I would like to find an answer for this since im working on my SNAF exam right now, or maybe i misunderstood something about what he said.

thanks all for your replies.

Everyone's tags (1)
4 REPLIES
Cisco Employee

Re: Mac-address on multiple context ASA deployment

Fernando,

I'm not sure of the context. Care to point me to the presentation?

The problem with sharing an interface among contexts is "how to differentiate which context this traffic should go to if all contexts have same mac address?" answer is classifier - oh-so-useful on FWSM, while ASA has mac-address auto.

Marcin

New Member

Re: Mac-address on multiple context ASA deployment

thanks for the replay marcin,

im totally agree with you, the main issue is with the classifier, however in the presentation it was mencioned an issue with switches that as i said before according to the presentation there is some problem that all contexts share the same mac-address as the physical interface, maybe i misunderstood something i dont know, maybe checking the presentation can help solve the problem.

Cisco Employee

Re: Mac-address on multiple context ASA deployment

Fernando,

Do you have the presentation at hand somewhere, I have not participated

Marcin

New Member

Re: Mac-address on multiple context ASA deployment

actually i do, but its a 1.2 GB video so its difficulty to share.

anyway if you have the chance to  watch this presentation someday i will apreciate your comments about it. I'm going to try some lab research when i have hardware available and see what happens, ill try to share the results in case i found something.

thanks again for the help!

359
Views
0
Helpful
4
Replies