On 25/11/2014 18:48, Nick Hilliard wrote:
> On 25/11/2014 17:27, Scott Miller wrote:
>> In my setup, each ASA has a different IP.
>
> which means that active / failover will not operate on a /30. The OP will
> need /29 or larger.
>

Yes, you can use one /30 IP for the master and nothing for the secondary; this will not permit monitoring probes for this specific interface.

Some people seem to have verified that a gratuitous ARP is sent (but the MAC should stay the same) on a failover event by the new master, so the other side should always be ensured of using the correct MAC address and the switch should learn the right port to forward frames.
-> https://learningnetwork.cisco.com/thread/34401

By the way, what do you mean by "customer has to reboot the connection"?

I assume your "core switch" is the one on the uplink of the 3com switch.
Does the customer switch correctly re-learn the MAC address from the new ASA port?
Does the ASA MAC address change from your uplink point of view (which would justify 'clear arp')? If so, you may try the "failover mac address <if>" command on the ASA to force a specific MAC address on the uplink interface so you're sure it sticks, or simply lower the ARP timeout on your "core switch" to an acceptable level.

my 2 cts,
Fabien
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/