08-13-2013 03:19 AM - edited 03-11-2019 07:24 PM
Hello. I am trying to configure two ASA5525s in Active/Standby mode. I connected both ASAs to my 3750 stack switch through a 2 Gbps EtherChannel link.
I split my Port-channel 1 into a few subinterfaces (VLANs 9, 12 and 52). Each subinterface has the same MAC address as Port-channel 1. See, the MACs are identical:
FWUP(config)# sh int po1
Interface Port-channel1 "inside", is up, line protocol is up
Hardware is EtherChannel/ON, BW 2000 Mbps, DLY 10 usec
Auto-Duplex(Full-duplex), Auto-Speed(1000 Mbps)
Input flow control is unsupported, output flow control is off
Description: To-Core-Stack
MAC address 7cad.746f.65cc, MTU 1500
IP address 192.168.10.1, subnet mask 255.255.255.0
Traffic Statistics for "inside":
12725 packets input, 828083 bytes
661 packets output, 42864 bytes
5193 packets dropped
1 minute input rate 1 pkts/sec, 119 bytes/sec
1 minute output rate 0 pkts/sec, 13 bytes/sec
1 minute drop rate, 1 pkts/sec
5 minute input rate 1 pkts/sec, 115 bytes/sec
5 minute output rate 0 pkts/sec, 14 bytes/sec
5 minute drop rate, 1 pkts/sec
Members in this channel: Active: Gi0/0 Gi0/1
FWUP(config)# sh int po1.9
Interface Port-channel1.9 "Administrators", is administratively down, line protocol is down
Hardware is EtherChannel/ON, BW 2000 Mbps, DLY 10 usec
VLAN identifier 9
MAC address 7cad.746f.65cc, MTU 1500
IP address 192.168.9.1, subnet mask 255.255.255.0
Traffic Statistics for "Administrators":
0 packets input, 0 bytes
0 packets output, 0 bytes
0 packets dropped
FWUP(config)# sh int po1.12
Interface Port-channel1.12 "outside", is up, line protocol is up
Hardware is EtherChannel/ON, BW 2000 Mbps, DLY 10 usec
VLAN identifier 12
MAC address 7cad.746f.65cc, MTU 1500
IP address 192.168.12.3, subnet mask 255.255.255.0
Traffic Statistics for "outside":
7942 packets input, 394243 bytes
7551 packets output, 447425 bytes
7342 packets dropped
FWUP(config)# sh int po1.52
Interface Port-channel1.52 "DMZ", is administratively down, line protocol is down
Hardware is EtherChannel/ON, BW 2000 Mbps, DLY 10 usec
VLAN identifier 52
MAC address 7cad.746f.65cc, MTU 1500
IP address 192.168.52.1, subnet mask 255.255.255.0
Traffic Statistics for "DMZ":
0 packets input, 0 bytes
0 packets output, 0 bytes
0 packets dropped
Then I changed the MAC addresses of the subinterfaces like this:
FWUP(config)# int po1.9
FWUP(config-subif)# mac-address 7cad.746f.09cc
FWUP(config-subif)# sh int po1.9
Interface Port-channel1.9 "Administrators", is administratively down, line protocol is down
Hardware is EtherChannel/ON, BW 2000 Mbps, DLY 10 usec
VLAN identifier 9
MAC address 7cad.746f.09cc, MTU 1500
IP address 192.168.9.1, subnet mask 255.255.255.0
Traffic Statistics for "Administrators":
0 packets input, 0 bytes
0 packets output, 0 bytes
0 packets dropped
And now about my problem. When I configure the failover active MAC address and standby MAC address of a subinterface, the ASA generates an error:
FWUP(config)# failover mac address po1.9 7cad.746f.09cc 7cad.746f.6608
ERROR: Could not locate IDB for interface: po1.9
I repeated this command for another subinterface, but the result is identical.
What should I do next?
08-13-2013 04:34 AM
Hi,
I have not had the need to change the MAC address myself, but what I thought when I saw your problem was that you should probably try to issue the command
mac address
under each actual subinterface of the ASA rather than using the "failover" command.
If I am not completely wrong, the "failover" command relates to the actual Failover link rather than the actual Data interface, BUT I might be wrong.
- Jouni