Re: [OSL | CCIE_Security] "mac-address auto" command doubt

[Pieter-Jan Nefkens]

Hello Tacack, You're correct. If you have a multi-context firewall (doesn't matter whether it's active / active, or just a single multi-context firewall), and you share an interface with multiple contexts, then the asa needs to know how to direct traffic to the correct context. You can do that by either setting a mac-address manually per context, or use the system command mac-address auto that allows the asa to create multiple mac-addresses for that shared interface automatically. There's a question on yusuf's flash cards that says / asks in which order the asa determines to which context the incoming packet needs to go. If I remember correctly it's  1) unique interface 2) mac-address (the command you mention) 3) nat configuration HTH Pieter-Jan On 18 sep 2010, at 14:54, Vybhav Ramachandran wrote: Hello All, I think that the "mac-address auto" command is the only command available in the system context , which can be used to assign mac-addresses to the interfaces belonging to various contexts. The other way to change the mac-address of the context interfaces is to switch contexts and perform the interface level "mac-address" command. The only way to configure mac-addresses in single context mode is using the "mac-address" and the "failover mac-address" commands? I'd love to hear others thoughts on these. Cheers, TacACK _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com --- Nefkens Advies Enk 26 4214 DD Vuren The Netherlands Tel: +31 183 634730 Fax: +31 183 690113 Cell: +31 654 323221 Email: pjnefk...@nefkensadvies.nl Web: http://www.nefkensadvies.nl/  Think before you print.

_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com