At 06:59 PM 8/24/99 +0200, Chris Osicki wrote:
>
>Why would you want to connect all four to the same switch? The switches are
>nowadays not that expensive ;-) Am I missing something here?
Different VLANs on the same switch. There have been reports that
Catalyst CAM tables can get messed up. I haven't experienced this
first hand. But since hearing about it I give each interface a unique
MAC. Expense is relative to the company, isn't it? And yes, I'd
recommend individual switches if possible.
-Art
>
>Unless you have a kind of a hybrid switch, it operates on MAC addresses
>and doesn't know anything about IP. The IP-packet sender sends an ARP
>to get the MAC-address of the destination. The switch forwards this ARP
>to all ports (or all ports in a VLAN) and a coming back ARP-reply to
>the ARP's sender. The sender uses the MAC-address received in ARP-reply
>to send the packet. Switch maintains a table of _MAC_ addresses and ports
>they belong to. And uses this table to decide which port is the packet
>to be sent to. Correct me please if I'm wrong.
>
>As for several NICs with the same MAC address on one switch I have to
>test yet.
>
>Regards,
>Chris
>
>Peter Pajak wrote:
>
>> not exactly, since all NICs on sun boxes always have the same mac address
>> (burnt into the motherboard) all switches are designed to handle that all
>> right. besides, all communications start with the ip address being mapped to
>> mac address by arp, so the switch port which has the ip address you want to
>> talk to is being used as the communication channel anyway. in regard to the
>> second part ask the guy what he means by compromising the card. to do that
>> one would have to have physical access to the machine and that's another
>> issue.
>>
>> later, peter
>>
>>
>> >From: Art Coble <[EMAIL PROTECTED]>
>> >To: Corbett Waddingham <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
>> >Subject: Re: quad cards on firewalls
>> >Date: Mon, 23 Aug 1999 17:04:25 -0700
>> >
>> >I don't see a problem with it.
>> >I've implemented the configuration you are describing.
>> >Make sure you configure the qfe card to give each
>> >port a unique MAC address. By default each port
>> >has the same MAC. This can wreak some havoc on switches.
>> >
>> > -Art
>> >
>> >
>> >At 04:20 PM 8/23/99 -0700, Corbett Waddingham wrote:
>> > >
>> > >Hello,
>> > >
>> > >Recently, the subject of using quad ethernet cards on firewalls was brought up
>> > >here at work. One person was convinced that this is a Bad Thing(c), because
>> > >someone could compromise the card and get access to the entire network.
>> > >Everyone else (myself included) felt that he was just being overly paranoid,
>> > >and that just keeping the subnets logically separated would be fine. But I
>> > >thought I would ask the people who would be most likely to know.
>> > >
>> > >The card in this case was a Sun Quad Fast Ethernet, the firewall itself was
>> > >an UltraSPARC with Solaris 2.6 and Checkpoint.
>> > >
>> > >
>> > >Corbett Waddingham
>> > >E-greetings Network Data Wrangler
>> > >415-536-1861
>> > >http://www.egreetings.com
>> > >-
>> > >[To unsubscribe, send mail to [EMAIL PROTECTED] with
>> > >"unsubscribe firewalls" in the body of the message.]
>> > >
>> >
>> >===========================================
>> >Art Coble
>> >International Network Services
>> >Senior Network Consultant
>> >Email: [EMAIL PROTECTED]
>> >Page: 800 INS 1 INS or [EMAIL PROTECTED]
>> >"Fix the problem, not the blame"
>> >=============================================
>> >
>>
>>
>>
>
>
>
===========================================
Art Coble
International Network Services
Senior Network Consultant
Email: [EMAIL PROTECTED]
Page: 800 INS 1 INS or [EMAIL PROTECTED]
"Fix the problem, not the blame"
=============================================
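
Added example, not part of the original thread: a toy Python model of the MAC learning Chris describes, run once with the same MAC on all four firewall ports and once with unique MACs. It assumes a hypothetical switch that keeps either one MAC table for all VLANs or one table per VLAN; the class, addresses, port numbers and VLAN ids are constructed for illustration and do not describe any particular product.

```python
# Toy model of a MAC-learning switch; added example, not code from the thread.
# All MAC addresses, port numbers and VLAN ids are constructed sample values.

class LearningSwitch:
    def __init__(self, per_vlan):
        self.per_vlan = per_vlan   # True: table keyed by (vlan, mac); False: by mac only
        self.cam = {}              # table key -> switch port
        self.moves = []            # (key, old_port, new_port) whenever an entry changes port

    def _key(self, vlan, mac):
        return (vlan, mac) if self.per_vlan else mac

    def receive(self, port, vlan, src, dst):
        """Learn src on the ingress port, then return the egress port or 'flood'."""
        key = self._key(vlan, src)
        old = self.cam.get(key)
        if old is not None and old != port:
            self.moves.append((key, old, port))
        self.cam[key] = port
        return self.cam.get(self._key(vlan, dst), "flood")


BCAST = "ff:ff:ff:ff:ff:ff"
SHARED = ["08:00:20:00:00:01"] * 4                        # same MAC on every port
UNIQUE = ["08:00:20:00:00:0%d" % i for i in range(1, 5)]  # one MAC per port
HOST = "00:10:4b:00:00:99"                                # host in VLAN 10


def simulate(per_vlan, fw_macs):
    """Firewall ports sit on switch ports 1-4 in VLANs 10-40; host on port 5, VLAN 10.

    Returns (egress port chosen for host -> firewall traffic, number of CAM moves).
    """
    sw = LearningSwitch(per_vlan)
    # Each firewall interface sends one broadcast (e.g. an ARP request) in its VLAN.
    for i, mac in enumerate(fw_macs):
        sw.receive(port=i + 1, vlan=10 * (i + 1), src=mac, dst=BCAST)
    # The host in VLAN 10 now sends a unicast frame to the firewall's VLAN 10 MAC.
    egress = sw.receive(port=5, vlan=10, src=HOST, dst=fw_macs[0])
    return egress, len(sw.moves)


if __name__ == "__main__":
    for label, per_vlan, macs in [("one table, shared MAC", False, SHARED),
                                  ("per-VLAN tables, shared MAC", True, SHARED),
                                  ("one table, unique MACs", False, UNIQUE)]:
        print(label, "->", simulate(per_vlan, macs))
```

In the model, a single table with a shared MAC sends the host's frame to port 4, which sits in VLAN 40, after three table moves; per-VLAN tables or unique MACs both deliver it to port 1 with no moves.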