Barracuda CloudGen Firewall

How to Configure MAC to Interface Mapping


If you are running a firewall with multiple configured network interfaces, the mapping of interface names to MAC addresses and the order of the interface names (e.g., eth0, eth1, eth2...) are determined by your initial configuration. At a later time, however, you might need to add further interfaces or change which interface name maps to which MAC address. To ensure that a specific MAC address maps to the correct interface name, you must bind the interface names to their corresponding MAC addresses in a dedicated MAC to Interface Mapping table.

This configuration can only be done in Advanced Mode!

Before You Begin

If you are not operating an HA cluster, continue with Step 1.

With an HA cluster, the configuration must be done separately for both firewalls because each one has unique MAC addresses on its interfaces. Therefore, you must first enable configuration access to the Interface tab on the secondary firewall.

Option #1: For a standalone HA-cluster:

  1. Log into the primary firewall.
  2. Go to CONFIGURATION > Configuration Tree > Box > Properties > Operational.
  3. In the left menu bar, click Configuration Mode to expand the list.
  4. Click Switch to Advanced.
  5. Click Lock.
  6. In the section Operational Settings, select yes for Dedicated Secondary Config.
  7. Click Send Changes / Activate.

Option #2: For a CC managed HA-cluster:

  1. Log into the Control Center.
  2. Go to CONFIGURATION > Configuration Tree > Multi-Range > your range > your cluster > Boxes > your primary firewall > Properties > Operational.
  3. In the left menu bar, click Configuration Mode to expand the list.
  4. Click Switch to Advanced.
  5. Click Lock.
  6. In the section Operational Settings, select yes for Dedicated Secondary Config.
  7. Click Send Changes / Activate.

The secondary firewall will now be displayed in the configuration tree. You can now configure the interface settings individually for both firewalls.

In case of an HA cluster, execute the following steps both on the primary and the secondary firewall.

Step 1. Navigate to the Respective Window to See the Interface Settings

  1. Go to CONTROL > Network.
  2. In the upper area, click Interfaces to see which MAC addresses map to which interface names and write down their mapping.


Step 2. Verify the Mapping of MAC Addresses to the Interface Names

  1. Go to CONTROL > Network.
  2. Verify the mapping of MAC addresses to the interface names after adding the new Ethernet adapter. In this example, the newly added interface (eth3) incorrectly shows up in the middle of the previous interface order.

    Depending on your configuration, the order of interfaces can differ!



Step 3. Add a Mapping Table to Correctly Bind the MAC Addresses to the Corresponding Interface Names

  1. Go to CONFIGURATION > Configuration Tree > Box > Network > Interfaces.
  2. Click Lock.
  3. In the left menu, click Switch to Advanced View.
  4. Click Set....
  5. The MAC Mapping window opens.
  6. Set Use Assignment to yes.
  7. For each network interface name and its corresponding MAC address that you wrote down earlier, add two entries in the MAC to Interface Assignment table complying with the following template:

    If a MAC address contains letters (a, b, c, d, e, f), use only lowercase letters in both entries for that interface.

    1. Entry #1: CM2I_aa_bb_cc_dd_ee_ff=ethX. Replace aa through ff with the actual values from the corresponding MAC address. Replace X with the number of the corresponding interface. Example: CM2I_00_11_22_33_44_55=eth0.
    2. Entry #2: CI2M_ethX=aa_bb_cc_dd_ee_ff. Replace aa through ff with the actual values from the corresponding MAC address. Replace X with the number of the corresponding interface. Example: CI2M_eth0=00_11_22_33_44_55.
  8. Add two further entries for the new interface name and MAC address according to the two templates shown above. In this example, the new Ethernet adapter must be placed at the end (=eth5) of the former list of Ethernet adapters:
    1. Entry #1: CM2I_aa_bb_cc_dd_ee_ff=ethX.
    2. Entry #2: CI2M_ethX=aa_bb_cc_dd_ee_ff.
  9. Click OK.
  10. Click Send Changes and Activate.
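
The entry format from Step 3, as an added example that is not part of the original page or of any Barracuda tool: a Python helper that turns the mapping written down in Step 1 into both entries per interface and checks an existing table for uppercase letters or entries missing their counterpart. The function names and sample MAC addresses are constructed for illustration; accepting colon or hyphen notation as input is an assumption.

```python
import re

# Lowercase-only MAC in the underscore form used by both templates in Step 3.
MAC_RE = re.compile(r"^[0-9a-f]{2}(_[0-9a-f]{2}){5}$")
IFACE_RE = re.compile(r"^eth\d+$")

def normalize_mac(mac):
    """Convert 00:1A:2B:... or 00-1A-2B-... to lowercase aa_bb_cc_dd_ee_ff."""
    norm = re.sub(r"[:-]", "_", mac.strip()).lower()
    if not MAC_RE.match(norm):
        raise ValueError(f"not a MAC address: {mac!r}")
    return norm

def build_entries(pairs):
    """Return the CM2I and CI2M entries for each (interface, MAC) tuple."""
    seen, entries = set(), []
    for iface, mac in pairs:
        mac = normalize_mac(mac)
        if not IFACE_RE.match(iface):
            raise ValueError(f"unexpected interface name: {iface!r}")
        if iface in seen or mac in seen:
            raise ValueError(f"duplicate assignment: {iface} / {mac}")
        seen |= {iface, mac}
        entries += [f"CM2I_{mac}={iface}", f"CI2M_{iface}={mac}"]
    return entries

def check_table(entries):
    """Return a list of problems found in an existing assignment table."""
    m2i, i2m, problems = {}, {}, []
    for line in entries:
        key, _, value = line.partition("=")
        if key.startswith("CM2I_") and MAC_RE.match(key[5:]) and IFACE_RE.match(value):
            m2i[key[5:]] = value
        elif key.startswith("CI2M_") and IFACE_RE.match(key[5:]) and MAC_RE.match(value):
            i2m[key[5:]] = value
        else:
            problems.append(f"malformed entry: {line}")
    for mac, iface in m2i.items():
        if i2m.get(iface) != mac:
            problems.append(f"CM2I_{mac}={iface} has no matching CI2M entry")
    for iface, mac in i2m.items():
        if m2i.get(mac) != iface:
            problems.append(f"CI2M_{iface}={mac} has no matching CM2I entry")
    return problems

# Constructed sample: two interfaces as they might be written down in Step 1.
RECORDED = [("eth0", "00:11:22:33:44:55"), ("eth1", "00-1A-2B-3C-4D-5E")]
```

Running `check_table` on the entries before clicking OK catches the two mistakes the templates make easy: an uppercase hex digit and a CM2I entry whose CI2M counterpart points at a different MAC address.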

Step 4. Activate the Network Configuration

You must activate the network changes.

  1. Go to CONTROL > Box.
  2. In the left menu, expand the Network section and click Activate new network configuration.
  3. Select Failsafe. The 'Failsafe Activation Succeeded' message is displayed after your new network configurations have been successfully activated.

Step 5. Verify the Correct Mapping of All MAC Addresses to Their Corresponding Interface Names

  1. Go to CONTROL > Network.
  2. In the upper area, click Interfaces to see which MAC addresses map to which interface name and write down the mapping.


The newly added interface is now listed according to the MAC to Interface Mapping table.

Step 6 (optional). Revert Visibility for Dedicated Secondary Configuration

With an HA cluster, you can now revert the setting for Dedicated Secondary Config if you performed the steps in the section Before You Begin.

  1. Follow the steps described in the section Before You Begin and set Dedicated Secondary Configuration to no.
  2. The secondary firewall node will no longer be displayed in the configuration tree of the primary firewall.