Cisco ASA 5505 User Manual

63-17

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 63 Configuring Active/Active Failover

Configuring Active/Active Failover

Note

If you have more than one Active/Active failover pair on the same network, it is possible to have the
same default virtual MAC addresses assigned to the interfaces on one pair as are assigned to the
interfaces of the other pairs because of the way the default virtual MAC addresses are determined. To
avoid having duplicate MAC addresses on your network, make sure you assign each physical interface
a virtual active and standby MAC address for all failover groups.

There are multiple ways to configure virtual MAC addresses on the ASA. When more than one method
has been used to configure virtual MAC addresses, the ASA uses the following order of preference to
determine which virtual MAC address is assigned to an interface:

1.

The mac-address command (in interface configuration mode) address

2.

The mac-address auto command generate address

3.

The failover mac address command or mac address command (in failover group configuration
mode) address (used in the following procedure)

4.

The automatically generated failover MAC address

Use the show interface command to display the MAC address used by an interface.

To configure specific active and standby MAC addresses for an interface, perform the following steps.

Detailed Steps

Example

The following partial example shows a possible configuration for a failover group:

hostname(config)# failover group 1

hostname(config-fover-group)# primary

hostname(config-fover-group)# preempt 100

hostname(config-fover-group)# exit

hostname(config)# failover group 2

hostname(config-fover-group)# secondary

hostname(config-fover-group)# preempt 100

hostname(config-fover-group)# mac address gigabitethernet1/0 0000.a000.a011 0000.a000.a012

hostname(config-fover-group)# exit

Command

Purpose

Step 1

failover group

{1 | 2}

Example:

hostname(config)# failover group 1

Specifies the failover group.

Step 2

mac address

phy_if active_mac standby_mac

Example:

hostname(config-fover-group)# mac address

gigabitethernet1/0 0000.a000.a011

0000.a000.a012

Specifies the virtual MAC addresses for the active and standby
units.

The phy_if argument is the physical name of the interface, such as
GigabitEthernet1/0. The active_mac and standby_mac arguments
are MAC addresses in H.H.H format, where H is a 16-bit
hexadecimal digit. For example, the MAC address
00-0C-F1-42-4C-DE would be entered as 000C.F142.4CDE.

The active_mac address is associated with the active IP address
for the interface, and the standby_mac is associated with the
standby IP address for the interface.