Information About Mac Addresses; Default Mac Address; Interaction With Manual Mac Addresses; Failover Mac Addresses - Cisco ASA 5505 Configuration Manual

Chapter 6 Configuring Multiple Context Mode

Information About MAC Addresses

To allow contexts to share interfaces, we suggest that you assign unique MAC addresses to each shared
context interface (see the
page
The MAC address is used to classify packets within a context. If you share an interface, but do not have
unique MAC addresses for the interface in each context, then the destination IP address is used to
classify packets. The destination address is matched with the context NAT configuration, and this
method has some limitations compared to the MAC address method. See the
Appliance Classifies Packets" section on page 6-3
In the rare circumstance that the generated MAC address conflicts with another private MAC address in
your network, you can manually set the MAC address for the interface within the context. See the
"Configuring Advanced Interface Parameters" section on page 8-26
This section includes the following topics:
•
•
•
•

Default MAC Address

By default, the physical interface uses the burned-in MAC address, and all subinterfaces of a physical
interface use the same burned-in MAC address.
All auto-generated MAC addresses start with A2. The auto-generated MAC addresses are persistent
across reloads.

Interaction with Manual MAC Addresses

If you manually assign a MAC address and also enable auto-generation, then the manually assigned
MAC address is used. If you later remove the manual MAC address, the auto-generated address is used.
Because auto-generated addresses start with A2, you cannot start manual MAC addresses with A2 if you
also want to use auto-generation.

Failover MAC Addresses

For use with failover, the adaptive security appliance generates both an active and standby MAC address
for each interface. If the active unit fails over and the standby unit becomes active, the new active unit
starts using the active MAC addresses to minimize network disruption. See the
section for more information.
For upgrading failover units with the legacy version of the mac-address auto command before the
prefix keyword was introduced, see the mac-address auto command in the Cisco ASA 5500 Series
Command Reference.

MAC Address Format

The adaptive security appliance generates the MAC address using the following format:
OL-20339-01
"Automatically Assigning MAC Addresses to Context Interfaces" section on
6-19).
Default MAC Address, page 6-11
Interaction with Manual MAC Addresses, page 6-11
Failover MAC Addresses, page 6-11
MAC Address Format, page 6-11
Information About Security Contexts
for information about classifying packets.
to manually set the MAC address.
Cisco ASA 5500 Series Configuration Guide using ASDM
"How the Security
"MAC Address Format"
6-11