HI Mike, That works. I turned on mac-address auto in system context and I have four unique MACs.
Now.. what is this going to break in the lab? :) I just recall in the previous thread that it might be a bad idea to use mac address auto in the lab? Cheers, Matt CCIE #22386 CCSI #31207 On 21 October 2012 12:14, Mike Rojas <[email protected]> wrote: > Mac address auto is the trick on all of those exercises regarding multiple > context and share interfaces. > > Having a unique mac address of each interface will avoid any classification > issues on the ASA. > > IF there is a problem with classification u can either apply nat or if it > gets to the incorrect interface use ASR groups. > > Mike > > Sent from my iPhone > > On Oct 21, 2012, at 1:10 PM, "Matt Hill" <[email protected]> wrote: > >> Hi everyone, >> >> I am a little bit confused on how to do do an outside shared interface >> on an ASA. This has been asked recently, but I think I am asking >> something slightly different here. >> >> Say I have (as mentioned) a shared physical outside, and two separate >> physical interfaces for the respective insides. The outside >> interfaces are in separate vlans, and I have configured a trunk on the >> respective switchport. >> >> I think that I _probably_ dont need static MACs, as they are in >> different vlans anyway and L2 will sort out over the trunk which vlan, >> and hence context, to send the frames to, however for the purposes of >> this discussion, lets say I want to configure static MAC for my own >> sanity. I think I need to configure the MAC addresses in the >> interface config on each respective context, as opposed to from the >> system context. What I have done I have included below. >> >> This is not a particular lab scenario, just something I am playing >> with right now as I cant authenticate my IPExpert DRM from my hotel >> network for some silly reason. I am sure the answer is in there >> somewhere *sigh* >> >> I also expect what I have done should work if both outside interfaces >> were in the same subnet (ie not trunked, two access ports same vlan). >> >> Cheers, >> Matt >> >> CCIE #22386 >> CCSI #31207 >> >> >> hostname ASA1 >> enable password 8Ry2YjIyt7RRXU24 encrypted >> no mac-address auto >> ! >> interface Ethernet0/0 >> ! >> interface Ethernet0/0.30 >> vlan 30 >> ! >> interface Ethernet0/0.40 >> vlan 40 >> ! >> interface Ethernet0/1 >> ! >> interface Ethernet0/2 >> ! >> interface Ethernet0/3 >> ! >> context Con1 >> description Context1 >> allocate-interface Ethernet0/0.30 outside >> allocate-interface Ethernet0/1 inside >> config-url disk0:/Con1.cfg >> ! >> >> context Con2 >> description Context2 >> allocate-interface Ethernet0/0.40 outside >> allocate-interface Ethernet0/2 inside >> config-url disk0:/Con2.cfg >> ! >> Context 1: >> interface outside >> mac-address 0001.0000.1111 >> nameif outside >> security-level 0 >> ip address 66.66.30.10 255.255.255.0 >> ! >> interface inside >> nameif inside >> security-level 100 >> ip address 66.66.20.10 255.255.255.0 >> >> Context2: >> ! >> interface inside >> nameif inside >> security-level 100 >> ip address 66.66.50.12 255.255.255.0 >> ! >> interface outside >> mac-address 2222.0000.2222 >> nameif outside >> security-level 0 >> ip address 66.66.40.12 255.255.255.0 >> >> >> show int: >> >> ASA1/Con1(config)# show int >> Interface outside "outside", is up, line protocol is up >> MAC address 0001.0000.1111, MTU 1500 >> IP address 66.66.30.10, subnet mask 255.255.255.0 >> >> Interface inside "inside", is up, line protocol is up >> MAC address 0018.199e.a095, MTU 1500 >> IP address 66.66.20.10, subnet mask 255.255.255.0 >> >> ASA1/Con2(config)# show int >> Interface inside "inside", is up, line protocol is up >> MAC address 0018.199e.a096, MTU 1500 >> IP address 66.66.50.12, subnet mask 255.255.255.0 >> >> Interface outside "outside", is up, line protocol is up >> MAC address 2222.0000.2222, MTU 1500 >> IP address 66.66.40.12, subnet mask 255.255.255.0 >> _______________________________________________ >> For more information regarding industry leading CCIE Lab training, please >> visit www.ipexpert.com >> >> Are you a CCNP or CCIE and looking for a job? Check out >> www.PlatinumPlacement.com _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
