Why would you want to connect all four to the same switch? Switches are 
not that expensive nowadays ;-) Am I missing something here?

Unless you have a kind of hybrid switch, it operates on MAC addresses
and doesn't know anything about IP. The IP-packet sender sends an ARP
to get the MAC address of the destination. The switch forwards this ARP
to all ports (or all ports in a VLAN) and the ARP reply coming back to 
the ARP's sender. The sender uses the MAC address received in the ARP reply 
to send the packet. The switch maintains a table of _MAC_ addresses and the ports 
they belong to, and uses this table to decide which port the packet
is to be sent to. Correct me please if I'm wrong.

As for several NICs with the same MAC address on one switch, I have yet
to test that.

Regards,
Chris
 
Peter Pajak wrote:

> not exactly, since all NICs on sun boxes always have the same mac address 
> (burnt into the motherboard) all switches are designed to handle that all 
> right. besides, all communications start with the ip address being mapped to 
> mac address by arp, so the switch port which has the ip address you want to 
> talk to is being used as the communication channel anyway. in regard to the 
> second part ask the guy what he means by compromising the card. to do that 
> one would have to have physical access to the machine and that's another 
> issue.
> 
> later, peter
> 
> 
> >From: Art Coble <[EMAIL PROTECTED]>
> >To: Corbett Waddingham <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
> >Subject: Re: quad cards on firewalls
> >Date: Mon, 23 Aug 1999 17:04:25 -0700
> >
> >I don't see a problem with it.
> >I've implemented the configuration you are describing.
> >Make sure you configure the qfe card to give each
> >port a unique MAC address.  By default each port
> >has the same MAC.  This can wreak some havoc on switches.
> >
> >             -Art
> >
> >
> >At 04:20 PM 8/23/99 -0700, Corbett Waddingham wrote:
> > >
> > >Hello,
> > >
> > >Recently, the subject of using quad ethernet cards on firewalls was brought up
> > >here at work.  One person was convinced that this is a Bad Thing(c), because
> > >someone could compromise the card and get access to the entire network.
> > >Everyone else (myself included) felt that he was just being overly paranoid,
> > >and that just keeping the subnets logically separated would be fine.  But I
> > >thought I would ask the people who would be most likely to know.
> > >
> > >The card in this case was a Sun Quad Fast Ethernet, the firewall itself was
> > >an UltraSPARC with Solaris 2.6 and Checkpoint.
> > >
> > >
> > >Corbett Waddingham
> > >E-greetings Network Data Wrangler
> > >415-536-1861
> > >http://www.egreetings.com
> > >-
> > >[To unsubscribe, send mail to [EMAIL PROTECTED] with
> > >"unsubscribe firewalls" in the body of the message.]
> > >
> >
> >===========================================
> >Art Coble
> >International Network Services
> >Senior Network Consultant
> >Email: [EMAIL PROTECTED]
> >Page:  800 INS 1 INS or [EMAIL PROTECTED]
> >"Fix the problem, not the blame"
> >=============================================
> >
> 
> 
> 
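
The MAC-learning behaviour discussed in this thread, as an added example that is not part of the original messages: a minimal learning switch that shows what happens to its table when four firewall ports share one MAC address versus when each has its own. The MAC addresses, port numbers and the single shared table (no per-VLAN tables) are assumptions made for the illustration.

```python
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"
HOST = "08:00:20:aa:00:99"  # constructed address of a host on switch port 5

class LearningSwitch:
    """Layer-2 switch with one MAC table shared by all ports (assumption)."""
    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}            # MAC address -> port it was last seen on
        self.moves = defaultdict(int)  # MAC address -> times it changed port

    def receive(self, in_port, src, dst):
        """Learn the source MAC, then return the ports the frame leaves on."""
        known = self.mac_table.get(src)
        if known is not None and known != in_port:
            self.moves[src] += 1       # same MAC seen on another port: a "flap"
        self.mac_table[src] = in_port
        if dst == BROADCAST or dst not in self.mac_table:
            return [p for p in self.ports if p != in_port]  # flood
        out = self.mac_table[dst]
        return [] if out == in_port else [out]

def run(fw_macs):
    """fw_macs maps switch ports 1-4 to the MAC of the firewall port plugged in.
    Returns (ports a unicast frame for the port-1 interface leaves on,
             number of table moves recorded for that MAC)."""
    sw = LearningSwitch(range(1, 6))
    for port, mac in fw_macs.items():
        sw.receive(port, mac, BROADCAST)   # each firewall port sends one ARP
    sw.receive(5, HOST, BROADCAST)         # the host ARPs as well
    target = fw_macs[1]
    return sw.receive(5, HOST, target), sw.moves[target]

# Constructed sample data: one shared MAC vs. a unique MAC per port.
SHARED = {p: "08:00:20:aa:00:01" for p in (1, 2, 3, 4)}
UNIQUE = {p: f"08:00:20:aa:00:0{p}" for p in (1, 2, 3, 4)}

if __name__ == "__main__":
    print("shared MAC:", run(SHARED))   # frame follows the last port that spoke
    print("unique MAC:", run(UNIQUE))   # frame reaches the intended port
```

With the shared address the table entry is overwritten each time another firewall port transmits, so the frame is delivered to whichever port spoke last; repeated moves of one MAC between ports are what a switch's MAC-flap logging reports.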

