Re: Cisco Switches with Stonebeat [7:69505]

[Bikespace]

Thanks Ross/Richard,

Some useful documents found with their search engine. I'll hopefully get to
try the suggestions out this week.

Regards,

Bikespace


""Richard Botham""  wrote in message
news:[EMAIL PROTECTED]
> Bikespace,
> Just spent a day testing exactly this...spooky
>
> You're correct , Cisco's cannot put a multicast mac in its arp cache
> dynamically - BUT - you CAN put STATIC ARP entries in a Cisco pointing to
a
> multicast mac.( Even if Layer3 is unicast)
>
> However there are some small perfomance points here ( only small !)
> Turning CEF on does have some benefits but not huge amounts.
>
> I threw 100 * 512 byte UPD segments at the Cisco for 5 mins while using a
> static multicast arp entry - It coped just fine.
>
>
> HTH Rich




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=70292&t=69505
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Cisco Switches with Stonebeat [7:69505]

[Ross McCormick]

Have you checked on Stonebeat's site?  They have a number of articles
relating to Cisco equipment and Stonebeat depending on the equipment involved.

In particular,
http://www.stonesoft.com/estone/support/knowledgebase/view.html?id=000475&q=cisco

HTH


Bikespace wrote:
> 
> Hi All,
> 
> Anybody got tales to tell about working with Stonebeat?
> 
> I've been having some fun recently. Everything else seems to be
> able to see
> the firewall, but the Cisco is struggling, so devices on the
> same VLAN
> manage OK, because they ARP straight for the firewall. Devices
> on other
> VLAN's don't get through (the firewalls are connected to the
> Cisco
> directly).
> 
> I've put static ARP entries in for the Firewall. The crunch is
> the multicast
> address used by the FIrewall (It's not VRRP which would be fine
> - it's
> definitely a Multicast 01005e)
> 
> Cisco suggested enabling IP IGMP snooping. Yeah great - it's on
> by default
> on the 4500.
> 
> I know Cisco's can not ARP for multicast addresses. I know you
> can't add
> static MAC entries for multicast, but this wouldn't help me too
> much anyway
> as the virtual address will obviously move.
> 
> The switch must know where to forward the packets to as devices
> on the same
> VLAN are working, although it did not work until I put IP
> redirects on. I
> would have expected it to forward every packet individually
> even without IP
> redirect???
> 
> It's a bit of a sod as the customers switch is allowed about
> half an hours
> down time when organised a week ahead and its a couple of hours
> away anyway.
> Didn't give my brain time to churn before time was up.
> 
> I may not get round this without actually setting up Stonebeat
> in full to
> test with, so I'm looking for "ANY" tips hints tricks before I
> bite the
> bullet.
> 
> 
> I've prattled on enough for now.
> 
> Cheers,
> 
> Bikespace
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=69672&t=69505
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Cisco Switches with Stonebeat [7:69505]

[Richard Botham]

Bikespace,
Just spent a day testing exactly this...spooky

You're correct , Cisco's cannot put a multicast mac in its arp cache
dynamically - BUT - you CAN put STATIC ARP entries in a Cisco pointing to a
multicast mac.( Even if Layer3 is unicast)

However there are some small perfomance points here ( only small !)
Turning CEF on does have some benefits but not huge amounts.

I threw 100 * 512 byte UPD segments at the Cisco for 5 mins while using a
static multicast arp entry - It coped just fine.


HTH Rich


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=69993&t=69505
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]