Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
314
Views
0
Helpful
2
Replies

ASA 5505 in routed mode, why might unique MAC addresses per vlan be required?

Go to solution
Jean Milne
Level 1
Level 1

‎06-01-2017 02:37 PM - edited ‎03-08-2019 10:49 AM

I'm doing a lot of reading about the ASA 5505 (which I have inherited the management of). 

Would anyone mind helping me understand an entry in the documentation?

I'm reading about how in routed mode all vlans have the same MAC address by default.  The documentation then says that connected switches may not support this and should be checked.

QUOTE

In routed firewall mode, all VLAN interfaces share a MAC address. Ensure that any connected switches can support this scenario. If the connected switches require unique MAC addresses, you can manually assign MAC addresses.

UNQUOTE

Why would some switches support it and not others?  

Is it a layer thing i.e. layer 2 vs layer 3?  

Or is it s feature thing i.e. some do some don't?

Or is it an age thing i.e. newer ones do, older ones don't?

If it's not any of the above, how do I check this as the documentation recommends..?

Google hasn't helped me much on this topic.  All hits are about how to find out what the MAC addresses are or how to change them but not why a switch might force me to change them...

All replies are very much appreciated.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎06-01-2017 04:48 PM

Unique mac addresses would be required if the switch did not support the same mac address in multiple vlans or multiple IPs mapped to the same mac address in the arp table.

Cisco switches have a per vlan mac address table so they have no issues with the same mac address being used in multiple vlans and without testing (or from memory) I assume they also support multiple IPs to the same mac address which I believe is quite common.

It is a L3 thing in that it applies to L3 interfaces only.

To be honest I would assume it is supported unless you find anything that specifically says it isn't as I have never come across this as a problem in the forums.

Jon

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎06-01-2017 04:48 PM

Unique mac addresses would be required if the switch did not support the same mac address in multiple vlans or multiple IPs mapped to the same mac address in the arp table.

Cisco switches have a per vlan mac address table so they have no issues with the same mac address being used in multiple vlans and without testing (or from memory) I assume they also support multiple IPs to the same mac address which I believe is quite common.

It is a L3 thing in that it applies to L3 interfaces only.

To be honest I would assume it is supported unless you find anything that specifically says it isn't as I have never come across this as a problem in the forums.

Jon

0 Helpful

Go to solution
Jean Milne
Level 1
Level 1
In response to Jon Marshall

‎06-02-2017 12:32 AM

Thank you for your reply Jon.  Very clear explanation that clears that right up for me.  I wanted to be sure I knew what it meant so I didn't go down any rabbit holes if I experienced problems later with my experiments.  Thanks again.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card