06-21-2010 09:07 AM - edited 03-11-2019 11:01 AM
hi,
the other day i was watching the firewall design and deployment session of cisco networkers 2009 with mason harris. one of the topics he was talking about is how the same mac-address is assigned to shared interfaces in multiple context deployment with the ASA, he said that a problem could arise since "switches dont like that", according to him switches dont like to see the same mac-address assigned to multple contexts. Im trying to figure out what is exactly the problem with the switch connected to an ASA with multiple context but i havent found a good reason of why there is an issue with this; i know there are issues when internal traffic is trying to reach external traffic, for example the internet, and there is not static or xlate entries available for the classifer to make a decision about with context should get the traffic.
I would like to find an answer for this since im working on my SNAF exam right now, or maybe i misunderstood something about what he said.
thanks all for your replies.
06-21-2010 12:58 PM
Fernando,
I'm not sure of the context. Care to point me to the presentation?
The problem with sharing an interface among contexts is "how to differentiate which context this traffic should go to if all contexts have same mac address?" answer is classifier - oh-so-useful on FWSM, while ASA has mac-address auto.
Marcin
06-22-2010 05:35 AM
thanks for the replay marcin,
im totally agree with you, the main issue is with the classifier, however in the presentation it was mencioned an issue with switches that as i said before according to the presentation there is some problem that all contexts share the same mac-address as the physical interface, maybe i misunderstood something i dont know, maybe checking the presentation can help solve the problem.
06-22-2010 08:02 AM
Fernando,
Do you have the presentation at hand somewhere, I have not participated
Marcin
06-23-2010 07:47 AM
actually i do, but its a 1.2 GB video so its difficulty to share.
anyway if you have the chance to watch this presentation someday i will apreciate your comments about it. I'm going to try some lab research when i have hardware available and see what happens, ill try to share the results in case i found something.
thanks again for the help!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide