Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
773
Views
0
Helpful
1
Replies

ARP collision on failover interface of ASA5510

johnnylingo
Level 5
Level 5

‎12-03-2013 12:28 PM - edited ‎03-11-2019 08:12 PM

Seeing a funny problem.  Whenver the secondary ASA is rebooted, there is complaint of an ARP conflict on the failover interface:

Received ARP request collision from 169.254.0.1/1cdf.0f2e.e8b6 on interface FAILOVER with existing ARP entry 169.254.0.1/1cdf.0f2e.e0b0

169.254.0.1 is the primary ASA's failover interface, and the physical interface has MAC address 1cdf.0f2e.e0b0

169.254.0.2 is the secondary ASA's failover interface, and the physical interface has MAC address 1cdf.0f2e.e8b6

Failover IPs should remain constant even as roles change, so I'm very puzzled why the secondary would take the primary's IP.

Both are single context running 9.0(3)

Labels:
0 Helpful
1 Reply 1

narawat
Level 1
Level 1

‎12-04-2013 04:15 AM

Hi Johnny,

The Ip addresses that we assign in failover are for active and standby unit, they are not assigned as primary and secondary units.

So as the role of a unit in the failover pair changes the IP addresses and the MAC also changes accrodingly.

So what you are seeing is normal.

further the same is documented as well:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807dac5f.shtml#acti

Hope this helps,

Cheers,

Naveen

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card