Hi Bassam,

ack. you for inputs. I know the 3 standard classification criteria, yet in Yousuf book, while I was conducting labs on rental racks, I was astounded by the thing that mac-address auto was not configured, and also manual mac-address was not provided..... then how come in LAB 1, I can see in the output shown on page 69 of LAB1 the same mac-address was present.

Anyways.... thanks for patience and the url provided.

regards,
kamran.

On Fri, Feb 4, 2011 at 11:00 PM, Basem Hanna <[email protected]> wrote:

> I would avoid the ffff.ffff.ffff as that’s broadcast. There are some other
> ones for CDP, multicast etc, but you can look those up. For the CCIE test I
> would just use the mac address auto unless otherwise told.
>
> I don’t have the lab book in front of me but based on the name of the
> interface I assume that the Inside and DMZ are on different VLANs so they
> are in different broadcast domains. The only time you would be technically
> required to assign a mac addresses is when you have multiple context
> Firewalls on the same broadcast domain in other words they share an
> interface. For example ContextA and ContextB both having an outside
> interface on the same 192.168.1.X network going to the same gateway.
>
> Read this about classifier criteria, unique MAC Addresses:
>
> http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/contexts.html#wp1134027
>
> Also try not to email me directly but cc the mailing list as we are all
> learning from each other.
>
> -B
>
> *From:* kamran shakil [mailto:[email protected]]
> *Sent:* Friday, February 04, 2011 1:23 PM
> *To:* Basem Hanna
> *Subject:* Re: [OSL | CCIE_Security] [imp] ASA: mac-address auto "NOT
> ALLOWED"
>
> well, i just wanted to clarify 2 things.
>
> 1> if mac-address auto is not to be used, then we can use command
> mac-address <aaaa.bbbb.cccc> right... well is there any logic to the command
> mac address or any number or alphabet (from a-f) can work...
>
> 2> my second query to my post is if anyone has access to Yusuf Config Labs
> cisco press book, in LAB 1 on Page 69 , you can see the MAC ADDRESS of
> INSIDE and DMZ2 interfaces are same ??? HOW is that ? can anyone see this
> and let me know is this an error or possible with some configuration !!!!
>
> regards,
>
> On Fri, Feb 4, 2011 at 10:14 PM, Basem Hanna <[email protected]>
> wrote:
>
> Not sure what you’re asking. You don’t always have to use mac address auto.
> What problem are you having? what’s not working? What did you try?
>
> -B
>
> *From:* [email protected] [mailto:
> [email protected]] *On Behalf Of *kamran shakil
> *Sent:* Friday, February 04, 2011 11:27 AM
> *To:* [email protected]
> *Subject:* Re: [OSL | CCIE_Security] [imp] ASA: mac-address auto "NOT
> ALLOWED"
>
> Guys,
>
> This is F1 (Help call) . ... ~ .anyone ...did u check this out...
>
> i am doing most of the labs with mac-address auto , but seeing this lab i
> was stumped !!!!
>
> plz do reply..
>
> On Fri, Feb 4, 2011 at 7:14 PM, kamran shakil <[email protected]>
> wrote:
>
> well, for yusuf lab i have quoted the page 69 see the outputs for inside
> and dmz2 mac address.
>
> On Fri, Feb 4, 2011 at 3:22 PM, Bruno <[email protected]> wrote:
>
> what makes you believe that they have the same mac? Is there any "show
> interface ethernetx/x" showing same mac?
>
> On Fri, Feb 4, 2011 at 7:18 AM, kamran shakil <[email protected]>
> wrote:
>
> *I was going thru Yusuf lab 1 and encountered something which made me
> write this email :*
>
> " If you see Yusuf book ( Ref: lab 1, page 69), Interface Dmz2 and inside
> interface have same mac-address. "
>
> How the pkts will be forwarded in this case? Isn't it strange .... ( no
> mac-address auto) is defined already!
>
> How does this work !!! no manual mac-address command was used for the
> solution.
>
> regards,
> Kamran.
>
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
>
> --
> Bruno Fagioli (by Jaunty Jackalope)
> Cisco Security Professional
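The point made in the thread, that a unique MAC only matters when contexts share an interface, can be seen in a simplified model of the three classification criteria (unique interface, unique MAC address, NAT configuration). This is an added example, not code from the thread or from Cisco; the interface names, MAC addresses, NAT addresses and the `ctxA` context are constructed for illustration.

```python
# Added illustration (not from the thread): simplified model of how a
# multiple-context ASA picks the context for an inbound packet.
from dataclasses import dataclass

@dataclass(frozen=True)
class Alloc:
    context: str                      # context name
    interface: str                    # interface or VLAN subinterface allocated to it
    mac: str                          # MAC the context uses on that interface
    nat_ips: frozenset = frozenset()  # translated addresses the context owns

def classify(table, ingress_if, dst_mac, dst_ip):
    """Return (context, criterion); context is None when nothing matches."""
    here = [a for a in table if a.interface == ingress_if]
    if not here:
        return None, "no context on interface"
    if len(here) == 1:                          # 1. unique interface
        return here[0].context, "unique interface"
    if len({a.mac for a in here}) == len(here):  # 2. unique MAC per context
        hit = [a for a in here if a.mac == dst_mac]
        return (hit[0].context, "unique MAC") if hit else (None, "no MAC match")
    hit = [a for a in here if dst_ip in a.nat_ips]  # 3. NAT configuration
    return (hit[0].context, "NAT configuration") if hit else (None, "unclassified")

BURNED_IN = "0011.2233.4455"  # constructed MAC, reused where no MAC is assigned

# Inside and DMZ2 on different VLANs: the same MAC on both is harmless.
SEPARATE_VLANS = [Alloc("ctxA", "g0/1.10", BURNED_IN),
                  Alloc("ctxA", "g0/1.20", BURNED_IN)]
# ContextA and ContextB share the outside interface on 192.168.1.X.
SHARED_SAME_MAC = [Alloc("ContextA", "g0/0", BURNED_IN),
                   Alloc("ContextB", "g0/0", BURNED_IN)]
SHARED_UNIQUE_MAC = [Alloc("ContextA", "g0/0", "aaaa.bbbb.0001"),
                     Alloc("ContextB", "g0/0", "aaaa.bbbb.0002")]
SHARED_NAT = [Alloc("ContextA", "g0/0", BURNED_IN, frozenset({"192.168.1.10"})),
              Alloc("ContextB", "g0/0", BURNED_IN, frozenset({"192.168.1.20"}))]

if __name__ == "__main__":
    cases = [("separate VLANs", SEPARATE_VLANS, "g0/1.20", BURNED_IN, "10.0.20.5"),
             ("shared, same MAC", SHARED_SAME_MAC, "g0/0", BURNED_IN, "192.168.1.10"),
             ("shared, unique MAC", SHARED_UNIQUE_MAC, "g0/0", "aaaa.bbbb.0002", "192.168.1.10"),
             ("shared, NAT only", SHARED_NAT, "g0/0", BURNED_IN, "192.168.1.20")]
    for name, table, iface, mac, ip in cases:
        print(f"{name:20s} -> {classify(table, iface, mac, ip)}")
```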
