Cisco ASA Series Cli Configuration Manual page 232

Information About Security Contexts
Default MAC Address
If you disable MAC address generation, see the following default MAC addresses:
•
•
See also the
Automatic MAC address generation is enabled—Uses an autogenerated prefix. The ASA autogenerates
the prefix based on the last two bytes of the interface (ASA 5500) or backplane (ASASM) MAC address.
You cannot use the legacy auto-generation method (without a prefix).
Note
To maintain hitless upgrade for failover pairs, the ASA does not convert an existing auto-generation
configuration upon a reload if failover is enabled. However, we strongly recommend that you manually
change to the prefix method of generation when using failover, especially for the ASASM. Without the
prefix method, ASASMs installed in different slot numbers experience a MAC address change upon
failover, and can experience traffic interruption. After upgrading, to use the prefix method of MAC
address generation, reenable MAC address autogeneration to use a prefix.
Interaction with Manual MAC Addresses
If you manually assign a MAC address and also enable auto-generation, then the manually assigned
MAC address is used. If you later remove the manual MAC address, the auto-generated address is used.
Because auto-generated addresses (when using a prefix) start with A2, you cannot start manual
MAC addresses with A2 if you also want to use auto-generation.
Failover MAC Addresses
For use with failover, the ASA generates both an active and standby MAC address for each interface. If
the active unit fails over and the standby unit becomes active, the new active unit starts using the active
MAC addresses to minimize network disruption. See the
section for more information.
MAC Address Format
The MAC address format without a prefix is a legacy version not supported on newer ASA versions.
The ASA generates the MAC address using the following format:
A2xx.yyzz.zzzz
Where xx.yy is a user-defined prefix or an autogenerated prefix based on the last two bytes of the
interface (ASA 5500) or backplane (ASASM) MAC address, and zz.zzzz is an internal counter generated
by the ASA. For the standby MAC address, the address is identical except that the internal counter is
increased by 1.
For an example of how the prefix is used, if you set a prefix of 77, then the ASA converts 77 into the
hexadecimal value 004D (yyxx). When used in the MAC address, the prefix is reversed (xxyy) to match
the ASA native form:
A24D.00zz.zzzz
Cisco ASA Series CLI Configuration Guide
1-12
For the ASA 5500 series appliances—The physical interface uses the burned-in MAC address, and
all subinterfaces of a physical interface use the same burned-in MAC address.
For the ASASM—All VLAN interfaces use the same MAC address, derived from the backplane
MAC address.
"MAC Address Format" section on page
Chapter 1 Configuring Multiple Context Mode
1-12.
"MAC Address Format" section on page 1-12