Solved: Happy to help.!

fsebera · ‎04-26-2017

ASA setup in single router mode, active/standby configuration, IOS ver 9.5(2)

Currently ASA standby interfaces are shut to manage the error condition.

Anyone know why I keep getting this error?

%SW_MATM-4-MACFLAP_NOTIF: Host aaaa.bbbb.dddd in vlan 207 is flapping between port Gi1/0/3 and port Gi1/0/15

-ASA Config-

interface Redundant1
member-interface GigabitEthernet1/4
member-interface GigabitEthernet1/3
mac-address aaaa.bbbb.dddd
nameif remotephones
security-level 0
ip address -removed- 255.255.255.0 standby -removed-

Ajay Saini · ‎04-27-2017

Hello,

what is the mac address seen on standby unit currently.Do you see different mac addresses on 'show interface Redundant1' for each firewall(active and standby). Unless failover is happening, you should not see the mac flap.

Could you try to assign mac address to standby unit as well.

mac-address aaaa.bbbb.dddd standby xx.xx.xx

-

AJ

View solution in original post

Ajay Saini · ‎04-27-2017

Hello,

what is the mac address seen on standby unit currently.Do you see different mac addresses on 'show interface Redundant1' for each firewall(active and standby). Unless failover is happening, you should not see the mac flap.

Could you try to assign mac address to standby unit as well.

mac-address aaaa.bbbb.dddd standby xx.xx.xx

-

AJ

fsebera · ‎04-27-2017

Hey AJ,

Thanks for taking your time to look into my issue; However, your suggested syntax is not valid on IOS 9.5(2).

VPN1/act(config)# sh failover
Failover On
Failover unit Primary
Failover LAN Interface: FAILOVER GigabitEthernet1/8 (up)
Reconnect timeout 0:00:00
Unit Poll frequency 1 seconds, holdtime 3 seconds
Interface Poll frequency 3 seconds, holdtime 15 seconds
Interface Policy 1
Monitored Interfaces 3 of 160 maximum
MAC Address Move Notification Interval not set
Version: Ours 9.5(2), Mate 9.5(2)
Last Failover at: 08:43:40 EDT Apr 26 2016
        This host: Primary - Active
                Active time: 31630208 (sec)
                slot 1: ASA5516 hw/sw rev (1.0/9.5(2)) status (Up Sys)
                  Interface outside (x.x.x.x): Normal (Monitored)
                  Interface inside (x.x.x.x): Normal (Monitored)
                  Interface remote (x.x.x.x): Normal (Monitored)
                slot 2: SFR5516 hw/sw rev (N/A/5.4.1-211) status (Up/Up)
                  ASA FirePOWER, 5.4.1-211, Up, (Monitored)
        Other host: Secondary - Failed <- due to MAC flapping on remote
                Active time: 0 (sec)
                slot 1: ASA5516 hw/sw rev (1.0/9.5(2)) status (Up Sys)
                  Interface outside (x.x.x.x): Normal (Monitored)
                  Interface inside (x.x.x.x): Normal (Monitored)
                  Interface remote (x.x.x.x): No Link (Monitored) <---- Due to MAC flapping, was shut down
                slot 2: SFR5516 hw/sw rev (N/A/5.4.1-211) status (Up/Up)
                  ASA FirePOWER, 5.4.1-211, Up, (Monitored)

Thanks again

Frank

Ajay Saini · ‎04-27-2017

Could you please paste the error you get while adding static mac address. The link for command is :

http://www.cisco.com/c/en/us/td/docs/security/asa/asa-command-reference/I-R/cmdref2/m1.html

There is an example attached as well. And just to be sure, the standby mac xx.xx.xx is an example, you need to modify it to something valid.

-AJ

fsebera · ‎04-27-2017

Hi Ajay,

ERROR: % Invalid input detected at '^' marker.

My Bad, Turns out I needed to be in interface configuration mode!! :)

Followed your CORRECT SYNTAX and all is good now!

!

Note: To add the standby MAC address to an existing user-configured MAC address you have to disable the primary interface first. If you have monitoring enabled, a failover will result so first no monitor-interface <name> make the change and add back into monitoring.

Thank you

Frank

Ajay Saini · ‎04-27-2017

Happy to help.!

ASA active/failover Redundant interface to switch-stack MAC flapping