Solved: Re: Cannot find ASA Management interface MAC address

alfista16 · ‎12-13-2018

Hello,

Our ASA 5506 shows a MAC address for its Mgmt1/1 interface other than the one learnt by a neighbor switch.

I tried to locate Management1/1 's MAC address by issuing the following commands on the Firewall :

show interface | i Int|MAC

show vers | i address

The output of the above commands do not display the MAC address that the switch actually learns.

The switch learns for the Firewall's Mgmt1/1 interface a MAC address of the same OUI, only the last hexadecimal differs.

Any idea why this happens?

Thank you.

Marvin Rhoads · ‎12-14-2018

If there is no IP address configured on M1/1 in the ASA itself then the ASA M/1 MAC won't show up on the switch.

However, if there is a Firepower service module on the ASA 5506 it will have a MAC address associated with the physical Management1/1 interface.

"show module sfr detail" will confirm it.

View solution in original post

balaji.bandi · ‎12-13-2018

What model is this ?

here is the command to use :

# show interface stats | in Mana|MAC
       Interface Management0/0 "management", is up, line protocol is up
        MAC address f4cf.e200.XXXX, MTU 1500

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

alfista16 · ‎12-14-2018

Sorry if this was unclear before, but I have issued the command that you suggested.

The ASA model is 5506, as described in the 1st question.

To make this more clear, this is what is see when I execute your command:

   FW-01# show interface stats | in Mana|MAC
        MAC address 0000.1111a4dc, MTU 1500
        MAC address 0000.1111.a4dd, MTU 1500
        MAC address 0000.1111.a4de, MTU not set
        MAC address 0000.1111.a4df, MTU not set
        MAC address 0000.1111.a4e0, MTU not set
        MAC address 0000.1111.a4e1, MTU not set
        MAC address 0000.1111.a4e2, MTU not set
        MAC address 0000.1111.a4e3, MTU not set
Interface Management1/1 "", is up, line protocol is up
        MAC address 0000.1111.a4db, MTU not set

Now, on my switch, this is the MAC seen on the port connected with ASA's management1/1 port:

0000.1111.a4da

That MAC does not appear anywhere in the Firewall.

Any suggestions?

Regards,

George

Marvin Rhoads · ‎12-14-2018

If there is no IP address configured on M1/1 in the ASA itself then the ASA M/1 MAC won't show up on the switch.

However, if there is a Firepower service module on the ASA 5506 it will have a MAC address associated with the physical Management1/1 interface.

"show module sfr detail" will confirm it.

alfista16 · ‎12-14-2018

Hi Marvin

There is no IP address currently applied on the M1/1 interface, however we are in the middle of deploying Firepower on that site.

"show module sfr detail" displayed the MAC address that was learnt by the switch.

Thanks a lot.

Marvin Rhoads · ‎12-14-2018

Great. Thanks for marking the answer as a solution.

You're welcome.