FWSM - Duplicated MAC Addresses across contexts

tedgarner
Level 1

I have two 7609S routers, each with a FWSM running 4.0(8).

I am licensed for 20 contexts.

Recently, I added a context for a new application and required access to a VLAN that already had an interface in another context.

The interface in the new context was assigned the same MAC address as the interface in the previous context.

This caused an application running through the first context to fail.

I know that on the FWSM I cannot hardcode a MAC address to an interface in a context, so how do I get around this problem caused by the duplicate MAC addresses?

Thanks, Ted

1 Reply

mirober2
Cisco Employee

Hi Ted,

The short answer is that you'll need to add static NAT statements (identity NAT is fine) to both contexts for each of the destinations that live behind each context.

For example, assume you share the outside interface across both of the following contexts:

ContextA - protects hosts in the 10.1.1.0/24 inside subnet

ContextB - protects hosts in the 10.2.2.0/24 inside subnet

You would need to add the following statics:

ContextA:

static (inside,outside) 10.1.1.0 10.1.1.0 netmask 255.255.255.0

ContextB:

static (inside,outside) 10.2.2.0 10.2.2.0 netmask 255.255.255.0

See the following guide for more details:

http://www.cisco.com/en/US/docs/security/fwsm/fwsm40/configuration/guide/contxt_f.html#wp1124236

-Mike
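
An added example, not part of the reply above and not Cisco tooling: a Python check that reads the `static` lines from each context and reports, for a destination address arriving on the shared interface, which context has a static covering it. The context names and subnets for ContextA and ContextB come from the reply; ContextC, the test addresses and all function names are constructed for illustration, and the parser assumes statics written in the `netmask` form shown in the reply.

```python
import ipaddress
import re

# Form used in the reply: static (real_if,mapped_if) mapped real netmask mask
STATIC_RE = re.compile(
    r"^static\s+\((\w+),(\w+)\)\s+(\S+)\s+(\S+)\s+netmask\s+(\S+)\s*$")

def mapped_networks(config_text, shared_if):
    """Mapped networks of every static whose mapped interface is shared_if."""
    nets = []
    for line in config_text.splitlines():
        m = STATIC_RE.match(line.strip())
        if m and m.group(2) == shared_if:
            nets.append(ipaddress.ip_network(
                f"{m.group(3)}/{m.group(5)}", strict=False))
    return nets

def owning_contexts(contexts, shared_if, dest_ip):
    """Names of contexts whose statics cover dest_ip on the shared interface."""
    ip = ipaddress.ip_address(dest_ip)
    return sorted(name for name, cfg in contexts.items()
                  if any(ip in net for net in mapped_networks(cfg, shared_if)))

def audit(contexts, shared_if, dest_ips):
    """Map each destination to its single owner, or flag the gap/overlap."""
    report = {}
    for dest in dest_ips:
        owners = owning_contexts(contexts, shared_if, dest)
        if len(owners) == 1:
            report[dest] = owners[0]
        elif not owners:
            report[dest] = "UNCLASSIFIED"   # no context has a static for it
        else:
            report[dest] = "AMBIGUOUS: " + ",".join(owners)
    return report

# Constructed sample: ContextA/ContextB as in the reply; ContextC is a
# hypothetical context on the same shared interface with no static yet.
CONTEXTS = {
    "ContextA": "static (inside,outside) 10.1.1.0 10.1.1.0 netmask 255.255.255.0",
    "ContextB": "static (inside,outside) 10.2.2.0 10.2.2.0 netmask 255.255.255.0",
    "ContextC": "interface Vlan30\n nameif inside",
}

if __name__ == "__main__":
    hosts = ["10.1.1.25", "10.2.2.8", "10.3.3.5"]
    for dest, owner in audit(CONTEXTS, "outside", hosts).items():
        print(f"{dest:12} -> {owner}")
```
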
