IP and MAC Addresses Used for Failover
For each network interface on which you want failover configured, you need to
reserve two IP addresses. One IP address is for the primary firewall, and one IP
address is for failover. When functioning properly, the primary firewall will use
its system IP and MAC addresses, and the secondary firewall will use the failover
IP and MAC addresses. When failover occurs, the primary firewall fails and the
secondary firewall becomes active, and the IP and MAC addresses are swapped. In
other words, the secondary firewall (now active) assumes the system IP and MAC
addresses of the primary firewall. The primary firewall (now standby) assumes
the failover IP and MAC addresses of the secondary firewall. Since the MAC
addresses of the firewalls change in addition to the IP addresses, hosts connecting
through the firewall do not have to re-ARP.
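The swap described above, modelled as an added Python example (not code from the book). The IP addresses are constructed, the two MAC addresses are borrowed from the command example on this page, and the `swap_mac=False` branch is a hypothetical IP-only design included only for contrast.

```python
# Model of one failover-enabled interface. IPs are constructed sample values;
# assigning the page's two example MACs to the active/standby roles is an assumption.
SYSTEM_IP, FAILOVER_IP = "192.0.2.1", "192.0.2.2"
ACTIVE_MAC, STANDBY_MAC = "00c0.1715.3341", "00c0.1715.3342"


def addresses(active_unit, swap_mac=True):
    """Return {unit: (ip, mac)} given which physical unit is currently active."""
    standby_unit = "secondary" if active_unit == "primary" else "primary"
    ips = {active_unit: SYSTEM_IP, standby_unit: FAILOVER_IP}
    if swap_mac:
        # Behaviour described in the text: the MAC follows the role, like the IP.
        macs = {active_unit: ACTIVE_MAC, standby_unit: STANDBY_MAC}
    else:
        # Hypothetical IP-only swap: each MAC stays on its physical unit.
        macs = {"primary": ACTIVE_MAC, "secondary": STANDBY_MAC}
    return {unit: (ips[unit], macs[unit]) for unit in ips}


def host_learns_arp(active_unit, swap_mac=True):
    """ARP cache a host builds for its gateway (the system IP) right now."""
    ip, mac = addresses(active_unit, swap_mac)[active_unit]
    return {ip: mac}


def cache_still_valid(arp_cache, active_unit, swap_mac=True):
    """True if frames sent using the cached entry still land on the active unit."""
    return arp_cache[SYSTEM_IP] == addresses(active_unit, swap_mac)[active_unit][1]


def run_failover(swap_mac):
    """Host learns ARP while primary is active, then primary fails."""
    cache = host_learns_arp("primary", swap_mac)
    return cache_still_valid(cache, "secondary", swap_mac)


if __name__ == "__main__":
    print("IP+MAC swap, cached ARP entry still valid:", run_failover(True))
    print("IP-only swap, cached ARP entry still valid:", run_failover(False))
```

With the MAC swapped along with the IP, the host's cached entry keeps pointing at whichever unit is active; in the IP-only contrast case the entry goes stale until the host re-ARPs.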
By default, the MAC addresses on the active firewall are the burned-in MAC
addresses from the NICs of the primary firewall, and the MAC addresses on the
standby firewall are the burned-in MAC addresses from the NICs on the secondary
firewall. Instead of using these burned-in addresses, you have the option
to use a virtual MAC address. If you decide to do this, for each interface you can
assign virtual MAC addresses using the following command:
failover mac address
www.syngress.com
Configuring Failover • Chapter 8 419
For example:
PIX1(config)# failover mac address central 00c0.1715.3341 00c0.1715.3342
To remove a virtual MAC address, use the no form of the command.