Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
834
Views
0
Helpful
1
Replies

will primary PIX 515 MAC address move to the seconday PIX on failover?

admin_2
Level 3
Level 3

‎06-26-2002 09:33 AM - edited ‎02-20-2020 10:07 PM

We are currently, successfully running 2 PIX firewall 515s. Our outside interfaces connect to a Motarola Surfboard Cable Modem and than to our Lightpath cable ISP. We are running 6.0(1) OS. We have been told by Lightpath that if we connect a new device to the cable modem, that the modem must be powered off, than on, than the new device powered on. This is to capture the new MAC address at Lightpath. If it doesn't come up and work right away you may have to wait as long as an hour for the new MAC to be captured or we can call and have them clear the "Host table". Obviously, we don't do this often. However, we would like to instatute a failover PIX 515. I understand that the IP address of the outside interface will failover to the standby PIX but what happens to the MAC? Can we enter duplicate MAC addresses in both PIXs to override the Burned In Address as you can do in some routers? If not does this mean we cannot use failover with our cable ISP?

0 Helpful
1 Reply 1

Not applicable

‎06-26-2002 09:33 AM

yes, on a failover event the

standby firewall use both the ip

address and the mac address of the

primary. That right to use only

one mac address because of problems

similar to yours (arp table timeouts on routers).

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card