Works fine with our Cisco Catalyst 3550. Full gigabit speed on all interfaces.
Al 05, Delava Alain wrote:
Hello list;

I have exactly the same question since I was planning to use Cisco 2950 switches (24 100-Tx + 2 1000-Tx) with Standard Image (ref. WS-C2950-24) for my R55+SPLAT+ClusterXL with load sharing multicast mode platform... Does anyone have info about that?

The Cisco doc. does not mention any info about multicast ARP support and behaviour [http://www.cisco.com/en/US/products/hw/switches/ps628/products_data_sheet09186a00801cfb71.html].

Page 52 of Checkpoint's ClusterXL R55 guide suggests some hardware, including "Cisco 2900" and also read in the mailing lists archives that

> On Jul 20, 2005, at 9:17 AM, Cassell,Damon Z. wrote:
>
>> [...] I've found that Cisco 2950 switches are
>> plug and play when it comes to multicast addresses and ClusterXL. I'm
>> currently testing such a configuration. [...]

but I'm not sure if this includes 2950 *with std image*...

Thanks in advance,

--
Alain DELAVA - alain/nospam/[EMAIL PROTECTED]/removeme/sys.be
Security & infrastructure consultant
TRASYS - "We are SUEZ"

> -----Original Message-----
> From: Mailing list for discussion of Firewall-1
> [mailto:[EMAIL PROTECTED] On Behalf
> Of Edward Luck
> Sent: Wednesday 14 September 2005 9:06
> To: [email protected]
> Subject: Re: [FW-1] Supported switch hardware for ClusterXL
>
> The Catalyst 2970 most likely will work, however you may need to
> upgrade to the Enhanced IOS image to support static MAC entries for
> multicast addresses. As for the cheap switches, I'm not sure. It
> depends on a couple of things:
>
> 1. If they recognise multicast MAC addresses (They all start with
>    01-00-5e)
> 2. What they do with them!
>
> If the switch doesn't recognise or care about multicast MAC addresses,
> it may bind the MAC to one port and one port only, effectively
> breaking load balancing. If the switch *does* know about multicast MAC
> addresses, the only way it would work is if it treated those in the
> same way it treats the broadcast MAC address (ff-ff-ff-ff-ff), and
> forwards these to every switch port. Of course, this effectively makes
> the switch a hub, which you probably don't really want.
>
> Personally, I would save the potential disasters and go straight to
> configurable switches such as the Cisco that can be *told* what to do,
> for every firewall interface. Here's a quick summary of everything you
> will need to do to make multicast load-sharing with ClusterXL work:
>
> On the Switches
> --------------------------------
> mac address-table static 01:00:5e:xx:xx vlan XX interface fa1/0/XX fa1/0/XX
> (this lists both the ports that the firewall connects to)
>
> On any routers which the firewalls talk to:
> -------------------------------------------------------------
> arp <Firewall Load Balanced IP Address> <Multicast MAC Address> arpa
>
> Do *not* stuff up the ARP address on the routers. I have been there,
> twice, at 2am for a big customer and the bizarre things that happen
> will blow your mind. None of these bizarre things point to you having
> stuffed the ARP entry on the router either, so you can chase your tail
> for days.
>
> Have fun,
>
> Ed Luck, GCFW (Hons)
> Senior Security Engineer
> Dimension Data Australia
>
> On 9/14/05, Meyers, Duncan <[EMAIL PROTECTED]> wrote:
> >
> > I am in the throes of setting up ClusterXL on two SecurePlatform
> > boxes. I went looking for a list of switches at Checkpoint's support
> > site that will support load sharing multicast mode - but that
> > requires a support contract :-(
> >
> > Can anyone tell me if a Cisco Cat 2970 will work? I suspect it will,
> > but no harm in checking...
> >
> > Also, will multicast mode work with something like a Linksys SD208
> > or Netgear FS608 (for the insecure side of the cluster)? The router
> > to the 'net is a Cisco 1841. Is this OK?
> >
> > Thanks,
> >
> > Duncan
> >
> > =================================================
> > To set vacation, Out-Of-Office, or away messages,
> > send an email to [EMAIL PROTECTED]
> > in the BODY of the email add:
> > set fw-1-mailinglist nomail
> > =================================================
> > To unsubscribe from this mailing list,
> > please see the instructions at
> > http://www.checkpoint.com/services/mailing.html
> > =================================================
> > If you have any questions on how to change your
> > subscription options, email
> > [EMAIL PROTECTED]
> > =================================================
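The two settings Ed Luck lists in the quoted message (a static multicast MAC entry on the switch covering both firewall ports, and a static ARP entry on the router) have to name the same MAC. The check below is an added example, not part of the original thread; the function names, the IP 192.0.2.10, the MAC and the port names are constructed for illustration, and the cluster MAC is supplied by the operator rather than derived.

```python
import re

MULTICAST_PREFIX = "01005e"  # the 01-00-5e prefix named in the thread

# Constructed sample configuration lines (not taken from any real device).
SWITCH_CFG = "mac address-table static 0100.5e00.020a vlan 10 interface fa1/0/1 fa1/0/2"
ROUTER_CFG = "arp 192.0.2.10 0100.5e00.020a arpa"
ROUTER_TYPO = "arp 192.0.2.10 0100.5e00.020b arpa"  # one hex digit wrong


def norm_mac(text):
    """Drop ':', '-' and '.' separators; return 12 hex digits or None."""
    digits = re.sub(r"[.:\-]", "", text).lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None


def audit(cluster_ip, cluster_mac, fw_ports, switch_cfg, router_cfg):
    """Return a list of findings; an empty list means the configs agree."""
    want = norm_mac(cluster_mac)
    if want is None or not want.startswith(MULTICAST_PREFIX):
        return [f"cluster MAC {cluster_mac} is not a 01-00-5e multicast MAC"]
    findings = []
    # Switch: static entries for this MAC must cover every firewall port.
    covered = set()
    for line in switch_cfg.splitlines():
        m = re.match(r"\s*mac address-table static (\S+) vlan \d+ interface (.+)", line)
        if m and norm_mac(m.group(1)) == want:
            covered.update(p.lower() for p in m.group(2).split())
    missing = sorted({p.lower() for p in fw_ports} - covered)
    if missing:
        findings.append("switch: no static entry covers " + ", ".join(missing))
    # Router: the static ARP entry for the cluster IP must carry the same MAC.
    pattern = rf"(?m)^\s*arp {re.escape(cluster_ip)} (\S+) arpa\s*$"
    arp_macs = [norm_mac(m.group(1)) for m in re.finditer(pattern, router_cfg)]
    if not arp_macs:
        findings.append(f"router: no static ARP entry for {cluster_ip}")
    elif any(mac != want for mac in arp_macs):
        findings.append(f"router: static ARP for {cluster_ip} does not match cluster MAC")
    return findings


if __name__ == "__main__":
    ports = ["Fa1/0/1", "Fa1/0/2"]
    print(audit("192.0.2.10", "01:00:5e:00:02:0a", ports, SWITCH_CFG, ROUTER_CFG))
    print(audit("192.0.2.10", "01:00:5e:00:02:0a", ports, SWITCH_CFG, ROUTER_TYPO))
```

Running it against saved configuration text before a change window catches a mistyped ARP entry while it is still a one-line diff.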
