12-13-2018 06:08 AM - edited 02-21-2020 08:34 AM
Hello,
Our ASA 5506 shows a MAC address for its Mgmt1/1 interface other than the one learnt by a neighbor switch.
I tried to locate Management1/1 's MAC address by issuing the following commands on the Firewall :
show interface | i Int|MAC
show vers | i address
The output of the above commands do not display the MAC address that the switch actually learns.
The switch learns for the Firewall's Mgmt1/1 interface a MAC address of the same OUI, only the last hexadecimal differs.
Any idea why this happens?
Thank you.
Solved! Go to Solution.
12-14-2018 04:10 AM
If there is no IP address configured on M1/1 in the ASA itself then the ASA M/1 MAC won't show up on the switch.
However, if there is a Firepower service module on the ASA 5506 it will have a MAC address associated with the physical Management1/1 interface.
"show module sfr detail" will confirm it.
12-13-2018 07:32 AM
What model is this ?
here is the command to use :
# show interface stats | in Mana|MAC
Interface Management0/0 "management", is up, line protocol is up
MAC address f4cf.e200.XXXX, MTU 1500
12-14-2018 02:15 AM - edited 12-14-2018 02:16 AM
Sorry if this was unclear before, but I have issued the command that you suggested.
The ASA model is 5506, as described in the 1st question.
To make this more clear, this is what is see when I execute your command:
FW-01# show interface stats | in Mana|MAC
MAC address 0000.1111a4dc, MTU 1500
MAC address 0000.1111.a4dd, MTU 1500
MAC address 0000.1111.a4de, MTU not set
MAC address 0000.1111.a4df, MTU not set
MAC address 0000.1111.a4e0, MTU not set
MAC address 0000.1111.a4e1, MTU not set
MAC address 0000.1111.a4e2, MTU not set
MAC address 0000.1111.a4e3, MTU not set
Interface Management1/1 "", is up, line protocol is up
MAC address 0000.1111.a4db, MTU not set
Now, on my switch, this is the MAC seen on the port connected with ASA's management1/1 port:
0000.1111.a4da
That MAC does not appear anywhere in the Firewall.
Any suggestions?
Regards,
George
12-14-2018 04:10 AM
If there is no IP address configured on M1/1 in the ASA itself then the ASA M/1 MAC won't show up on the switch.
However, if there is a Firepower service module on the ASA 5506 it will have a MAC address associated with the physical Management1/1 interface.
"show module sfr detail" will confirm it.
12-14-2018 04:41 AM
Hi Marvin
There is no IP address currently applied on the M1/1 interface, however we are in the middle of deploying Firepower on that site.
"show module sfr detail" displayed the MAC address that was learnt by the switch.
Thanks a lot.
12-14-2018 04:56 AM
Great. Thanks for marking the answer as a solution.
You're welcome.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide