https://community.cisco.com/t5/network-security/active-standby-asa-failover-interface-mac-address/m-p/2294408#M345224 <P>Hi Everyone,</P><P></P><P>When ASA is config as Active and standby then the failover interface never swap the IP address but other interfaces do.</P><P></P><P>Need to know when standby ASA&nbsp; becomes active will it swap the mac address with Failover&nbsp; interface of Active ASA?</P><P></P><P>Regards</P><P></P><P>MAhesh </P> Tue, 12 Mar 2019 02:21:06 GMT mahesh18 2019-03-12T02:21:06Z https://community.cisco.com/t5/network-security/active-standby-asa-failover-interface-mac-address/m-p/2294408#M345224 <P>Hi Everyone,</P><P></P><P>When ASA is config as Active and standby then the failover interface never swap the IP address but other interfaces do.</P><P></P><P>Need to know when standby ASA&nbsp; becomes active will it swap the mac address with Failover&nbsp; interface of Active ASA?</P><P></P><P>Regards</P><P></P><P>MAhesh </P> Tue, 12 Mar 2019 02:21:06 GMT https://community.cisco.com/t5/network-security/active-standby-asa-failover-interface-mac-address/m-p/2294408#M345224 mahesh18 2019-03-12T02:21:06Z https://community.cisco.com/t5/network-security/active-standby-asa-failover-interface-mac-address/m-p/2294409#M345225 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>The interface IP address and MAC address of the Active unit should always be the same.</P><P></P><P>When the Failover happens the formed Standby device which now becomes Active should get the same IP address and MAC address as the previous Active unit.</P><P></P><P>So essentially there is no change in the ARP for connected devices hen the Active ASA changes and therefore there should be no outage in the connections and traffic forwarding.</P><P></P><P>- Jouni</P></BODY></HTML> Sun, 04 Aug 2013 18:58:46 GMT https://community.cisco.com/t5/network-security/active-standby-asa-failover-interface-mac-address/m-p/2294409#M345225 Jouni Forss 2013-08-04T18:58:46Z https://community.cisco.com/t5/network-security/active-standby-asa-failover-interface-mac-address/m-p/2294410#M345226 <HTML><HEAD></HEAD><BODY><P>Hi Jouni,</P><P></P><P>As per CBT&nbsp; videos it says Failover interface do not swap the IP address but all other interfaces swap the IP address?</P><P>Is this correct?</P><P></P><P>Need to confirm also failover interface mac address also get swapped or not?</P><P></P><P>Regards</P><P></P><P>MAhesh</P></BODY></HTML> Sun, 04 Aug 2013 19:17:06 GMT https://community.cisco.com/t5/network-security/active-standby-asa-failover-interface-mac-address/m-p/2294410#M345226 mahesh18 2013-08-04T19:17:06Z https://community.cisco.com/t5/network-security/active-standby-asa-failover-interface-mac-address/m-p/2294411#M345228 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>To my understanding they do as we specifically configure a primary and a standby IP address for the Failover link also.</P><P></P><P>I don't really have any Failover pair handy with which I could confirm this but I would imagine that the Active unit always keeps the primary IP address configured with <STRONG>"failover"</STRONG> command</P><P></P><P><STRONG>failover interrface ip <INTERFACE name=""> x.x.x.1 255.255.255.0 standby x.x.x.2</INTERFACE></STRONG></P><P></P><P>- Jouni</P></BODY></HTML> Sun, 04 Aug 2013 19:27:29 GMT https://community.cisco.com/t5/network-security/active-standby-asa-failover-interface-mac-address/m-p/2294411#M345228 Jouni Forss 2013-08-04T19:27:29Z https://community.cisco.com/t5/network-security/active-standby-asa-failover-interface-mac-address/m-p/2294412#M345232 <HTML><HEAD></HEAD><BODY><P>Hi Jouni,</P><P></P><P>I also can not test at home as i have only 1 asa with plus license nor i can at&nbsp; work.</P><P>At work only if we have some scheduled change for ASA.</P><P></P><P>Lets see if someone&nbsp; in forum can confirm if this is true or not?</P><P></P><P>Best regards</P><P>Mahesh</P></BODY></HTML> Sun, 04 Aug 2013 19:32:04 GMT https://community.cisco.com/t5/network-security/active-standby-asa-failover-interface-mac-address/m-p/2294412#M345232 mahesh18 2013-08-04T19:32:04Z https://community.cisco.com/t5/network-security/active-standby-asa-failover-interface-mac-address/m-p/2294413#M345233 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>The old CCNP Firewall book does seem to mention that there is no chance for Failover LAN interfaces</P><P></P><P><EM>"The address swap occurs on every ASA interface except the LAN failover, which always remains unchanged"</EM></P><P></P><P>- Jouni</P></BODY></HTML> Sun, 04 Aug 2013 19:32:31 GMT https://community.cisco.com/t5/network-security/active-standby-asa-failover-interface-mac-address/m-p/2294413#M345233 Jouni Forss 2013-08-04T19:32:31Z https://community.cisco.com/t5/network-security/active-standby-asa-failover-interface-mac-address/m-p/2294414#M345236 <HTML><HEAD></HEAD><BODY><P>Hi jouni,</P><P></P><P>So does it mean that they never swap ips right?</P><P></P><P>Thanks</P><P></P><P>Mahesh</P></BODY></HTML> Sun, 04 Aug 2013 19:35:35 GMT https://community.cisco.com/t5/network-security/active-standby-asa-failover-interface-mac-address/m-p/2294414#M345236 mahesh18 2013-08-04T19:35:35Z https://community.cisco.com/t5/network-security/active-standby-asa-failover-interface-mac-address/m-p/2294415#M345240 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Seems they stay the same. I was not aware of this though I guess it something you might miss as you are actually looking at the Data interfaces IP/MAC addresses if you are seeing trouble with a Failover pair.</P><P></P><P>What I find very strange is that this isnt clearly stated in the Configuration Guide or Command Reference of the ASA. Or atleast I don't see a specific mention about the actual Failover link/interface but rather the mention of the Data interfaces which do change IP and MAC. (Or I have completely missed it)</P><P></P><P>Yet its stated in some older documents</P><P></P><P>Here is a quote:</P><PRE __jive_macro_name="quote" class="jive_text_macro jive_macro_quote"><P></P><P>The failover link IP address and MAC address do not change at&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; failover. The active IP address for the failover link always stays with the&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; primary unit, while the standby IP address stays with the secondary unit. </P></PRE><P></P><P>Source:</P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080aefd11.shtml#pri" rel="nofollow">http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080aefd11.shtml#pri</A></P><P></P><P>- Jouni</P></BODY></HTML> Sun, 04 Aug 2013 20:02:38 GMT https://community.cisco.com/t5/network-security/active-standby-asa-failover-interface-mac-address/m-p/2294415#M345240 Jouni Forss 2013-08-04T20:02:38Z https://community.cisco.com/t5/network-security/active-standby-asa-failover-interface-mac-address/m-p/2294416#M345242 <HTML><HEAD></HEAD><BODY><P>Hi Jouni,</P><P></P><P>Many thanks that we both came to same conclusion.</P><P></P><P>Best regards</P><P>Mahesh</P></BODY></HTML> Sun, 04 Aug 2013 21:02:34 GMT https://community.cisco.com/t5/network-security/active-standby-asa-failover-interface-mac-address/m-p/2294416#M345242 mahesh18 2013-08-04T21:02:34Z