11-11
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 11 Configuring Multiple Context Mode
Information About Security Contexts
Information About MAC Addresses
To allow contexts to share interfaces, you should assign unique MAC addresses to each shared context
interface.
The MAC address is used to classify packets within a context. If you share an interface, but do not have
unique MAC addresses for the interface in each context, then other classification methods are attempted
that might not provide full coverage. See the “How the ASA Classifies Packets” section on page 11-3
for information about classifying packets.
In the rare circumstance that the generated MAC address conflicts with another private MAC address in
your network, you can manually set the MAC address for the interface within the context. See the
“Configuring the MAC Address and MTU” section on page 14-12 to manually set the MAC address.
This section includes the following topics:
• Default MAC Address, page 11-11
• Interaction with Manual MAC Addresses, page 11-11
• Failover MAC Addresses, page 11-12
• MAC Address Format, page 11-12
Default MAC Address
If you disable MAC address generation, the physical interface uses the burned-in MAC address, and all
subinterfaces of a physical interface use the same burned-in MAC address.
See the following sections for your release for additional information about automatic MAC address
generation. See also the “MAC Address Format” section on page 11-12.
8.6(1) and Later
Automatic MAC address generation is enabled—Uses an autogenerated prefix. The ASA autogenerates
the prefix based on the last two bytes of the interface MAC address. You cannot use the legacy
auto-generation method (without a prefix).
Note To maintain hitless upgrade for failover pairs, the ASA does not convert an existing auto-generation
configuration upon a reload if failover is enabled. However, we strongly recommend that you manually
change to the prefix method of generation when using failover. After upgrading, to use the prefix method
of MAC address generation, reenable MAC address autogeneration to use a prefix.
Earlier Releases
Automatic MAC address generation is disabled.
Interaction with Manual MAC Addresses
If you manually assign a MAC address and also enable auto-generation, then the manually assigned
MAC address is used. If you later remove the manual MAC address, the auto-generated address is used.
Because auto-generated addresses (when using a prefix) start with A2, you cannot start manual
MAC addresses with A2 if you also want to use auto-generation.