Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
457
Views
0
Helpful
3
Replies

PIX Failover

rakeshsharma3000
Level 1
Level 1

‎07-12-2004 11:02 AM - edited ‎02-20-2020 11:30 PM

what is the purpose of failover mac address command. In which scenario will I use this. Why would I ever want to change the MAC address on PIX

0 Helpful
3 Replies 3

nkhawaja
Cisco Employee
Cisco Employee

‎07-12-2004 02:34 PM

from the command line

The failover mac address command enables you to configure a virtual MAC address for a PIX Firewall failover pair. The failover mac address command sets the PIX Firewall to use the virtual MAC address stored in the PIX Firewall configuration after failover, instead of obtaining a MAC address by contacting its failover peer. This enables the PIX Firewall failover pair to maintain the correct MAC addresses after failover. If a virtual MAC address is not specified, the PIX Firewall failover pair uses the burned in network interface card (NIC) address as the MAC address. However, the failover mac address command is unnecessary (and therefore cannot be used) on an interface configured for LAN-based failover because the failover lan interface lan_if_name command does not change the IP and MAC addresses when failover occurs.

When adding the failover mac address command to your configuration, it is best to configure the virtual MAC address, save the configuration to Flash memory, and then reload the PIX Firewall pair. If the virtual MAC address is added when there are active connections, then those connections will stop. Also, you must write the complete PIX Firewall configuration, including the failover mac address command, into the Flash memory of the secondary PIX Firewall for the virtual MAC addressing to take effect.

0 Helpful

rakeshsharma3000
Level 1
Level 1
In response to nkhawaja

‎07-12-2004 08:10 PM

I had gone through the above documentation before on Cisco site, but I am curious to find out when will I use this command and if you could help me with a scenario where I might have to use this command.

0 Helpful

jean-pierre.tran-dac
Level 1
Level 1
In response to nkhawaja

‎10-16-2004 01:38 PM

when enabling a virtual mac address on all interfaces of the pix this will solve the problem of tunnel vpn replication on stanby after failover ? we don't need to clear ipsec and isakmp sa anymore ?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card