The issue is only if they explicitly say not to use mac-address auto with the shared interfaces. Then you will have to have some for of NATTING to still allow access but I am guessing at that point the question will be specific.
On Sun, Oct 21, 2012 at 3:36 PM, Mike Rojas <[email protected]> wrote: > It is always the solution, it shouldnt break anything.. In case it does > (believe me it wont) go to the adjacent devices and make sure its updated, > if not, clear the arp table and you should be good. > > I dont think Cisco will go against something is Cisco recommended. U can > look for mac-address auto on the commad reference, check on usage > guidelines and u will see. > > Cheers. > > Sent from my iPhone > > On Oct 21, 2012, at 1:32 PM, "Matt Hill" <[email protected]> wrote: > > > HI Mike, > > > > That works. I turned on mac-address auto in system context and I have > > four unique MACs. > > > > Now.. what is this going to break in the lab? :) I just recall in > > the previous thread that it might be a bad idea to use mac address > > auto in the lab? > > > > Cheers, > > Matt > > > > CCIE #22386 > > CCSI #31207 > > > > On 21 October 2012 12:14, Mike Rojas <[email protected]> wrote: > >> Mac address auto is the trick on all of those exercises regarding > multiple context and share interfaces. > >> > >> Having a unique mac address of each interface will avoid any > classification issues on the ASA. > >> > >> IF there is a problem with classification u can either apply nat or if > it gets to the incorrect interface use ASR groups. > >> > >> Mike > >> > >> Sent from my iPhone > >> > >> On Oct 21, 2012, at 1:10 PM, "Matt Hill" <[email protected]> wrote: > >> > >>> Hi everyone, > >>> > >>> I am a little bit confused on how to do do an outside shared interface > >>> on an ASA. This has been asked recently, but I think I am asking > >>> something slightly different here. > >>> > >>> Say I have (as mentioned) a shared physical outside, and two separate > >>> physical interfaces for the respective insides. The outside > >>> interfaces are in separate vlans, and I have configured a trunk on the > >>> respective switchport. > >>> > >>> I think that I _probably_ dont need static MACs, as they are in > >>> different vlans anyway and L2 will sort out over the trunk which vlan, > >>> and hence context, to send the frames to, however for the purposes of > >>> this discussion, lets say I want to configure static MAC for my own > >>> sanity. I think I need to configure the MAC addresses in the > >>> interface config on each respective context, as opposed to from the > >>> system context. What I have done I have included below. > >>> > >>> This is not a particular lab scenario, just something I am playing > >>> with right now as I cant authenticate my IPExpert DRM from my hotel > >>> network for some silly reason. I am sure the answer is in there > >>> somewhere *sigh* > >>> > >>> I also expect what I have done should work if both outside interfaces > >>> were in the same subnet (ie not trunked, two access ports same vlan). > >>> > >>> Cheers, > >>> Matt > >>> > >>> CCIE #22386 > >>> CCSI #31207 > >>> > >>> > >>> hostname ASA1 > >>> enable password 8Ry2YjIyt7RRXU24 encrypted > >>> no mac-address auto > >>> ! > >>> interface Ethernet0/0 > >>> ! > >>> interface Ethernet0/0.30 > >>> vlan 30 > >>> ! > >>> interface Ethernet0/0.40 > >>> vlan 40 > >>> ! > >>> interface Ethernet0/1 > >>> ! > >>> interface Ethernet0/2 > >>> ! > >>> interface Ethernet0/3 > >>> ! > >>> context Con1 > >>> description Context1 > >>> allocate-interface Ethernet0/0.30 outside > >>> allocate-interface Ethernet0/1 inside > >>> config-url disk0:/Con1.cfg > >>> ! > >>> > >>> context Con2 > >>> description Context2 > >>> allocate-interface Ethernet0/0.40 outside > >>> allocate-interface Ethernet0/2 inside > >>> config-url disk0:/Con2.cfg > >>> ! > >>> Context 1: > >>> interface outside > >>> mac-address 0001.0000.1111 > >>> nameif outside > >>> security-level 0 > >>> ip address 66.66.30.10 255.255.255.0 > >>> ! > >>> interface inside > >>> nameif inside > >>> security-level 100 > >>> ip address 66.66.20.10 255.255.255.0 > >>> > >>> Context2: > >>> ! > >>> interface inside > >>> nameif inside > >>> security-level 100 > >>> ip address 66.66.50.12 255.255.255.0 > >>> ! > >>> interface outside > >>> mac-address 2222.0000.2222 > >>> nameif outside > >>> security-level 0 > >>> ip address 66.66.40.12 255.255.255.0 > >>> > >>> > >>> show int: > >>> > >>> ASA1/Con1(config)# show int > >>> Interface outside "outside", is up, line protocol is up > >>> MAC address 0001.0000.1111, MTU 1500 > >>> IP address 66.66.30.10, subnet mask 255.255.255.0 > >>> > >>> Interface inside "inside", is up, line protocol is up > >>> MAC address 0018.199e.a095, MTU 1500 > >>> IP address 66.66.20.10, subnet mask 255.255.255.0 > >>> > >>> ASA1/Con2(config)# show int > >>> Interface inside "inside", is up, line protocol is up > >>> MAC address 0018.199e.a096, MTU 1500 > >>> IP address 66.66.50.12, subnet mask 255.255.255.0 > >>> > >>> Interface outside "outside", is up, line protocol is up > >>> MAC address 2222.0000.2222, MTU 1500 > >>> IP address 66.66.40.12, subnet mask 255.255.255.0 > >>> _______________________________________________ > >>> For more information regarding industry leading CCIE Lab training, > please visit www.ipexpert.com > >>> > >>> Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
