Could not locate IDB for interface: gig0/2.40

gamemcdcby · ‎08-13-2013

Hello. I try to configure 2 ASA5525 in Active/Standby mode. I connect both ASAs to my 3750-stack switch through 2Gbps Etherchannel link.

I split my Portchannel 1 in few subinterfaces (9, 12 and 52 vlan). Each subinterface have the same mac-address as Portchannel 1 mac-address. See, MACs are identical:

FWUP(config)# sh int po1

Interface Port-channel1 "inside", is up, line protocol is up

Hardware is EtherChannel/ON, BW 2000 Mbps, DLY 10 usec

Auto-Duplex(Full-duplex), Auto-Speed(1000 Mbps)

Input flow control is unsupported, output flow control is off

Description: To-Core-Stack

MAC address 7cad.746f.65cc, MTU 1500

IP address 192.168.10.1, subnet mask 255.255.255.0

Traffic Statistics for "inside":

12725 packets input, 828083 bytes

661 packets output, 42864 bytes

5193 packets dropped

1 minute input rate 1 pkts/sec, 119 bytes/sec

1 minute output rate 0 pkts/sec, 13 bytes/sec

1 minute drop rate, 1 pkts/sec

5 minute input rate 1 pkts/sec, 115 bytes/sec

5 minute output rate 0 pkts/sec, 14 bytes/sec

5 minute drop rate, 1 pkts/sec

Members in this channel: Active: Gi0/0 Gi0/1

FWUP(config)# sh int po1.9

Interface Port-channel1.9 "Administrators", is administratively down, line protocol is down

Hardware is EtherChannel/ON, BW 2000 Mbps, DLY 10 usec

VLAN identifier 9

MAC address 7cad.746f.65cc, MTU 1500

IP address 192.168.9.1, subnet mask 255.255.255.0

Traffic Statistics for "Administrators":

0 packets input, 0 bytes

0 packets output, 0 bytes

0 packets dropped

FWUP(config)# sh int po1.12

Interface Port-channel1.12 "outside", is up, line protocol is up

Hardware is EtherChannel/ON, BW 2000 Mbps, DLY 10 usec

VLAN identifier 12

MAC address 7cad.746f.65cc, MTU 1500

IP address 192.168.12.3, subnet mask 255.255.255.0

Traffic Statistics for "outside":

7942 packets input, 394243 bytes

7551 packets output, 447425 bytes

7342 packets dropped

FWUP(config)# sh int po1.52

Interface Port-channel1.52 "DMZ", is administratively down, line protocol is down

Hardware is EtherChannel/ON, BW 2000 Mbps, DLY 10 usec

VLAN identifier 52

MAC address 7cad.746f.65cc, MTU 1500

IP address 192.168.52.1, subnet mask 255.255.255.0

Traffic Statistics for "DMZ":

0 packets input, 0 bytes

0 packets output, 0 bytes

0 packets dropped

Then I change mac-addresses of subinterfaces like this:

FWUP(config)# int po1.9

FWUP(config-subif)# mac-address 7cad.746f.09cc

FWUP(config-subif)# sh int po1.9

Interface Port-channel1.9 "Administrators", is administratively down, line protocol is down

Hardware is EtherChannel/ON, BW 2000 Mbps, DLY 10 usec

VLAN identifier 9

MAC address 7cad.746f.09cc, MTU 1500

IP address 192.168.9.1, subnet mask 255.255.255.0

Traffic Statistics for "Administrators":

0 packets input, 0 bytes

0 packets output, 0 bytes

0 packets dropped

And now about my problem. When I configure failover active mac-address of subinterface and standby mac-address of subinterface ASA generate an error:

FWUP(config)# failover mac address po1.9 7cad.746f.09cc 7cad.746f.6608

ERROR: Could not locate IDB for interface: po1.9

I repeat this command to another subinterface but the result is identical.

What to do next?

Jouni Forss · ‎08-13-2013

Hi,

I have not had the need to change the MAC address myself but what I though when I saw your problem was that you should probably try to issue the command

mac address standby

Under each actual subinterface of the ASA rather than using the "failover" command.

If I am not completely wrong the "failover" command related to the actual Failover link rather than the actual Data interface BUT I might be wrong.

- Jouni