Cisco Systems OL-16647-01 Network Router User Manual


10-18
Cisco ASDM User Guide
OL-16647-01
Chapter 10 Configuring Security Contexts
Configuring Security Contexts
Enabling Automatic MAC Address Assignment, page 10-18
MAC Address Overview
To allow contexts to share interfaces, we suggest that you assign unique MAC addresses to each context
interface. The MAC address is used to classify packets within a context. If you share an interface, but do
not have unique MAC addresses for the interface in each context, then the destination IP address is used
to classify packets. The destination address is matched with the context NAT configuration, and this
method has some limitations compared to the MAC address method. See the “How the Security
Appliance Classifies Packets” section on page 10-2 for information about classifying packets.
By default, the physical interface uses the burned-in MAC address, and all subinterfaces of a physical
interface use the same burned-in MAC address.
For use with failover, the security appliance generates both an active and standby MAC address for each
interface. If the active unit fails over and the standby unit becomes active, the new active unit starts using
the active MAC addresses to minimize network disruption.
When automatic MAC address assignment is enabled and you assign an interface to a context, the new MAC
address is generated immediately. If you enable automatic assignment after you create context interfaces,
then MAC addresses are generated for all interfaces immediately after you apply the option. If you disable
automatic assignment, the MAC address for each interface reverts to the default MAC address. For example,
subinterfaces of GigabitEthernet 0/1 revert to using the MAC address of GigabitEthernet 0/1.
The MAC address is generated using the following format:
Active unit MAC address: 12_slot.port_subid.contextid.
Standby unit MAC address: 02_slot.port_subid.contextid.
For platforms with no interface slots, the slot is always 0. The port is the interface port. The subid is an
internal ID for the subinterface, which is not viewable. The contextid is an internal ID for the context.
For example, the interface GigabitEthernet 0/1.200 in the context with the ID 1 has the following
generated MAC addresses, where the internal ID for subinterface 200 is 31:
Active: 1200.0131.0001
Standby: 0200.0131.0001
In the rare circumstance that the generated MAC address conflicts with another private MAC address in
your network, you can manually set the MAC address for the interface within the context. See the
“Configuring an Interface (Single Mode)” section on page 7-5 to manually set the MAC address.
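The following Python sketch is an added example, not part of the Cisco guide. It builds and decodes addresses in the format described above and checks a list of observed addresses for the conflict case. It assumes each ID is supplied as the hex digits that appear in the address (as in the guide's example, where subid 31 is written "31"); the function names and the sample host list are hypothetical.

```python
import re

ROLE_PREFIX = {"active": "12", "standby": "02"}  # first octet, from the format above

def normalize(mac):
    """Reduce 1200.0131.0001 / 12:00:01:31:00:01 / 12-00-... to 12 lowercase hex digits."""
    digits = re.sub(r"[.:\-]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def generate(role, slot, port, subid, contextid):
    """Build <prefix><slot>.<port><subid>.<contextid> in dotted notation.
    Assumption: each ID is given as the hex digits that appear in the address
    (the guide's example writes subid 31 as '31'), zero-padded to field width."""
    fields = (slot.zfill(2), port.zfill(2), subid.zfill(2), contextid.zfill(4))
    digits = normalize(ROLE_PREFIX[role] + "".join(fields))
    return ".".join(digits[i:i + 4] for i in (0, 4, 8))

def decode(mac):
    """Split a MAC into the documented fields, or return None if the first octet
    is neither 12 nor 02. A match only means the address fits the format."""
    d = normalize(mac)
    role = {v: k for k, v in ROLE_PREFIX.items()}.get(d[:2])
    if role is None:
        return None
    return {"role": role, "slot": d[2:4], "port": d[4:6],
            "subid": d[6:8], "contextid": d[8:12]}

def is_locally_administered(mac):
    """True when the locally administered bit (0x02 of the first octet) is set."""
    return bool(int(normalize(mac)[:2], 16) & 0x02)

def find_conflicts(generated, observed):
    """Return observed (host, mac) entries whose MAC equals a generated one."""
    wanted = {normalize(m) for m in generated}
    return [(host, mac) for host, mac in observed if normalize(mac) in wanted]

# Constructed sample: addresses seen on the shared segment (not real data).
OBSERVED = [("lab-vm-7", "12:00:01:31:00:01"), ("printer", "00-00-5e-00-53-01"),
            ("hypervisor", "0200.0131.0002")]
```

Both prefixes, 12 and 02, have the locally administered bit set, which is why a collision can only occur with another locally administered (private) address and not with a vendor-assigned burned-in address.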
Enabling Automatic MAC Address Assignment
To enable automatic MAC address assignment, perform the following steps.
Step 1 If you are not already in the System configuration mode, in the Device List pane, double-click System
under the active device IP address.
Step 2 On the Context Management > Security Contexts pane, check Mac-Address auto.