Cisco ASA 5505 User Manual
Page 323
9-13
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 9 Completing Interface Configuration (Transparent Mode)
Completing Interface Configuration in Transparent Mode
For an EtherChannel, all interfaces that are part of the channel group share the same MAC address. This
feature makes the EtherChannel transparent to network applications and users, because they only see the
one logical connection; they have no knowledge of the individual links. The port-channel interface uses
the lowest numbered channel group interface MAC address as the port-channel MAC address.
Alternatively you can manually configure a MAC address for the port-channel interface. In multiple
context mode, you can automatically assign unique MAC addresses to interfaces, including an
EtherChannel port interface. We recommend manually, or in multiple context mode, automatically
configuring a unique MAC address in case the group channel interface membership changes. If you
remove the interface that was providing the port-channel MAC address, then the port-channel MAC
address changes to the next lowest numbered interface, thus causing traffic disruption.
In multiple context mode, if you share an interface between contexts, you can assign a unique MAC
address to the interface in each context. This feature lets the ASA easily classify packets into the
appropriate context. Using a shared interface without unique MAC addresses is possible, but has some
limitations. See the
“How the ASA Classifies Packets” section on page 5-3
for more information. You
can assign each MAC address manually, or you can automatically generate MAC addresses for shared
interfaces in contexts. See the
“Automatically Assigning MAC Addresses to Context Interfaces” section
to automatically generate MAC addresses. If you automatically generate MAC addresses,
you can use this procedure to override the generated address.
For single context mode, or for interfaces that are not shared in multiple context mode, you might want
to assign unique MAC addresses to subinterfaces. For example, your service provider might perform
access control based on the MAC address.
Information About the MTU
The MTU is the maximum datagram size that is sent on a connection. Data that is larger than the MTU
value is fragmented before being sent.
The ASA supports IP path MTU discovery (as defined in RFC 1191), which allows a host to dynamically
discover and cope with the differences in the maximum allowable MTU size of the various links along
the path. Sometimes, the ASA cannot forward a datagram because the packet is larger than the MTU that
you set for the interface, but the “don't fragment” (DF) bit is set. The network software sends a message
to the sending host, alerting it to the problem. The host has to fragment packets for the destination so
that they fit the smallest packet size of all the links along the path.
The default MTU is 1500 bytes in a block for Ethernet interfaces. This value is sufficient for most
applications, but you can pick a lower number if network conditions require it.
To enable jumbo frames, see the
“Enabling Jumbo Frame Support (Supported Models)” section on
. A jumbo frame is an Ethernet packet larger than the standard maximum of 1518 bytes
(including Layer 2 header and FCS), up to 9216 bytes. Jumbo frames require extra memory to process,
and assigning more memory for jumbo frames might limit the maximum use of other features, such as
access lists. To use jumbo frames, set the value higher, for example, to 9000 bytes.
Prerequisites
•
Set up your interfaces depending on your model:
–
ASA 5510 and higher—
Chapter 6, “Starting Interface Configuration (ASA 5510 and Higher).”
–
ASA 5505—
Chapter 7, “Starting Interface Configuration (ASA 5505).”
•
In multiple context mode, you can only configure context interfaces that you already assigned to the
context in the system configuration according to the
“Configuring Multiple Contexts” section on
.