Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

ASA 8.4(7) Failover configuration

Hi,

 

I am doing an active/standby failover configuration and I would like to have the virtual mac addresses configured.

I'm wondering if I need to do them both on the primary unit and the secondary unit, or just the primary unit. The inside, outside and management interfaces have already been configured with a standby IP. Also if virtual mac addresses are the burned in addresses of the physical interfaces would that cause a problem?

The reason we need to have virtual mac addresses is because our service provider has an additional external address range which the company uses and it is pointing to the outside interface of our firewall. In the event that the second firewall boots up first it may cause arp issues for the second external address block.

These are two 5510 firewalls running version 8.47-7

Here is the configuration:

 

failover lan unit primary
!
failover lan interface FAILOVERLINK Ethernet0/1
failover interface ip FAILOVERLINK 172.50.48.1 255.255.255.252 standby 172.50.48.2
interface Ethernet0/1 
no shutdown
!
failover link STATELINK Ethernet0/3
failover interface ip STATELINK 172.50.49.1 255.255.255.252 standby 172.50.49.2
interface Ethernet0/3
no shutdown
!
failover mac address Ethernet0/0 f0f7.55f3.065b 8843.e10c.42ea
!
failover mac address Ethernet0/2 f0f7.55f3.065c 8843.e10c.42ec
!
failover mac address Management0/0 f0f7.55f3.065e 8843.e10c.42ee

 

SECONDARY UNIT


failover lan unit secondary
!
failover lan interface FAILOVERLINK Ethernet0/1
failover interface ip FAILOVERLINK 172.50.48.1 255.255.255.252 standby 172.50.48.2
interface Ethernet0/1
no shutdown
!
failover link STATELINK Ethernet0/3
failover interface ip STATELINK 172.50.49.1 255.255.255.252 standby 172.50.49.2
interface Ethernet0/3
no shutdown
!

91
Views
0
Helpful
0
Replies
CreatePlease to create content