This swith works fine with clusterXL although it is a bit slow .
If your fw hardware support gigabit I would suggest u go for 2970 which
is the 1000-Tx equvalant of 2950.
This one can realy handle the load.
-sud
Alan Choyna wrote:
Works fine with our Cisco Catalyst 3550.
Full gigabit speed on all interfaces.
Al
05, Delava Alain wrote:
Hello list;
I have exaclty the same question since I was planning to use Cisco 2950
switches (24 100-Tx + 2 1000-Tx) with Standard Image (ref. WS-C2950-24)
for my R55+SPLAT+ClusterXL with load sharing multicast mode platform...
Does anyone has info about that ? The Cisco doc. does not mention any
info about multicast ARP support and behaviour
[<http://www.cisco.com/en/US/products/hw/switches/ps628/products_data_she>http://www.cisco.com/en/US/products/hw/switches/ps628/products_data_she
et09186a00801cfb71.html].
Page 52 of Checkpoint's ClusterXL R55 guide suggests some hardware,
including "Cisco 2900" and also read in the mailing lists archives that
> On Jul 20, 2005, at 9:17 AM, Cassell,Damon Z. wrote:
>
>> [...] I've found that Cisco 2950 switches are
>> plug and play when it comes to multicast addresses and
ClusterXL. I'm
>> currently testing such a configuration. [...]
but I'm not sure if this includes 2950 *with std image*...
Thanks in advance,
--
Alain DELAVA - alain/nospam/[EMAIL PROTECTED]/removeme/sys.be
Security & infrastructure consultant
TRASYS - "We are SUEZ"
> -----Original Message-----
> From: Mailing list for discussion of Firewall-1
> [mailto:[EMAIL PROTECTED] On Behalf
> Of Edward Luck
> Sent: mercredi 14 septembre 2005 9:06
> To: [email protected]
> Subject: Re: [FW-1] Supported switch hardware for ClusterXL
>
> The Catalyst 2970 most likely will work, however you may need
> to upgrade to
> the Enhanced IOS image to support static MAC entries for multicast
> addresses. As for the cheap switches, I'm not sure. It
> depends on a couple
> of things:
> 1. If they recognise multicast MAC addresses (They all start
> with 01-00-5e)
> 2. What they do with them!
> If the switch doesn't recognise or care about multicast MAC
> addresses, it
> may bind the MAC to one port and one port only, effectively
> breaking load
> balancing. If the switch *does* know about multicast MAC
> addresses, the only
> way it would work is if it treated those in the same way it
> treats the
> broadcast MAC address (ff-ff-ff-ff-ff), and forwards these to
> every switch
> port. Of course, this effectively makes the switch a hub,
> which you probably
> don't really want.
> Personally, I would save the potential disasters and go straight to
> configurable switches such as the Cisco that can be *told*
> what to do, for
> every firewall interface. Here's a quick summary of
> everything you will need
> to do to make multicast load-sharing with ClusterXL work:
> On the Switches
> --------------------------------
> mac address-table static 01:00:5e:xx:xx vlan XX interface
> fa1/0/XX fa1/0/XX
> (this lists both the ports that the firewall connects to)
> On any routers which the firewalls talk to:
> -------------------------------------------------------------
> arp <Firewall Load Balanced IP Address> <Multicast MAC Address> arpa
> Do *not* stuff up the ARP address on the routers. I have
> been there, twice,
> at 2am for a big customer and the bizarre things that happen
> will blow your
> mind. None of these bizarre things point to you having
> stuffed the ARP entry
> on the router either, so you can chase your tail for days.
> Have fun,
> Ed Luck, GCFW (Hons)
> Senior Security Engineer
> Dimension Data Australia
>
>
> On 9/14/05, Meyers, Duncan <[EMAIL PROTECTED]> wrote:
> >
> > I am in the throes of setting up ClusterXL on two
> SecurePlatform boxes. I
> > went looking for a list of switches at Checkpoint's support
> site that will
> > support load sharing multicast mode - but that requires a
> support contract
> > :-(
> >
> > Can anyone tell me if a Cisco Cat 2970 will work? I suspect
> it will, but
> > no harm in checking...
> >
> > Also, will multicast mode work with somenthing like a
> Linksys SD208 or
> > Netgear FS608 (for the insecure side of the cluster)? The
> router to the 'net
> > is a Cisco 1841. Is this OK?
> >
> >
> >
> > Thanks,
> >
> > Duncan
> >
> >
> >
> >
> >
> >
> > =================================================
> > To set vacation, Out-Of-Office, or away messages,
> > send an email to [EMAIL PROTECTED]
> > in the BODY of the email add:
> > set fw-1-mailinglist nomail
> > =================================================
> > To unsubscribe from this mailing list,
> > please see the instructions at
> > http://www.checkpoint.com/services/mailing.html
> > =================================================
> > If you have any questions on how to change your
> > subscription options, email
> > [EMAIL PROTECTED]
> > =================================================
> >
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to [EMAIL PROTECTED]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [EMAIL PROTECTED]
> =================================================
>
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
**********************************************
The information contained in this email is confidential and is meant to be read
only by the person to whom it is addressed.
Please visit http://www.millenniumit.com/legal/email.htm to read the entire
confidentiality clause.
**********************************************
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
