67-15
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter67 Configuring Active/Active Failover
Configuring Active/Active Failover
Note If you have more than one Active/Active failover pair on the same network, it is possible to have the
same default virtual MAC addresses assigned to the interfaces on one pair as are assigned to the
interfaces of the other pairs because of the way the default virtual MAC addresses are determined. To
avoid having duplicate MAC addresses on your network, make sure you assign each physical interface
a virtual active and standby MAC address.
These MAC addresses override the physical MAC addresses for the interface.
Fields
Physical Interface—Specifies the physical interface for which you are defining failover virtual MAC
addresses. Because the MAC addresses do not change for the LAN failover and Stateful Failover
interfaces during failover, you cannot choose these interfaces.
MAC Addresses—Contains the fields for specifying the active and standby virtual MAC addresses
for the interface.
Active Interface—Specifies the MAC address for the interface and failover group on the unit
where the failover group is active. Each interface may have up to two MAC addresses, one for
each failover group, which override the physical MAC address. Enter the MAC address in
hexadecimal format (for example, 0123.4567.89AB).
Standby Interface—Specifies the MAC address for the interface and failover group on the unit
where the failover group is in the standby state. Each interface may have up to two MAC
addresses, one for each failover group, which override the physical MAC address. Enter the
MAC address in hexadecimal format (for example, 0123.4567.89AB).
Failover > MAC Addresses Tab
The MAC Addresses tab lets you configure the virtual MAC addresses for the interfaces in an
Active/Standby failover pair.
In Active/Standby failover, the MAC addresses for the primary unit are always associated with the active
IP addresses. If the secondary unit boots first and becomes active, it uses the burned-in MAC address for
its interfaces. When the primary unit comes online, the secondary unit obtains the MAC addresses from
the primary unit. The change can disrupt network traffic.
You can configure virtual MAC addresses for each interface to ensure that the secondary unit uses the
correct MAC addresses when it is the active unit, even if it comes online before the primary unit. If you
do not specify virtual MAC addresses, then the failover pair uses the burned-in NIC address as the MAC
address.
Note You cannot configure a virtual MAC address for the failover or state links. The MAC and IP addresses
for those links do not change during failover.
In Active/Active failover, the MAC addresses configured on this tab are not in effect. Instead, the MAC
addresses defined in the failover groups are used.
Fields
MAC Addresses—Lists physical interfaces on the ASA for which an active and standby virtual
MAC address has been configured.
Physical Interface—Identifies the physical interface for which failover virtual MAC addresses
are configured.