I have a failover pair of ASA 5520 running ver 8.2. When the primary fails, the secondary gets to use the primary's IP and MAC address. If the new primary is now rebooted I lose network connectivity. This is because it's now using its burned-in MAC address. The question I have is this... can I, once the secondary has become the primary, use the "mac-address" command on the interfaces and assign it the virtual MAC address that is being used at present? This is so that when this box is rebooted it will use this MAC address and not cause any network issues.
You can just use the virtual MAC instead of real MAC for the failover setup.
failover mac address 00C1.1111.1111 00C1.2222.2222
In this example, the active device will assume the MAC of 00C1.1111.1111 for the interface and the standby will assume the other MAC. When the failover happens, the new active device takes over the MAC. In this way, even if the other device comes up, it will either use its burned-in MAC or the secondary MAC.
Will it cause issues if the burned-in MAC addresses are used as the virtual MAC addresses? Or will this cause issues in the case where the secondary comes up first and assumes the active state using the MAC addresses of the primary? Some delay in applying the virtual MAC addresses or something on the primary?
Or is it a better idea to define your own random MAC addresses and use those instead as the virtual MAC addresses?