Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
815
Views
0
Helpful
4
Replies

MAC address table in the 2950 switch - please help.

munyeephang
Level 1
Level 1

‎05-18-2005 08:10 PM - edited ‎03-02-2019 10:49 PM

Dear all,

I'm using a Catalyst 2950 to support high availability(HA) plan in my network. 2 units of firewalls are connected to the same switch. The problem is when I tested the plan to failover the active unit of the firewall, the second unit /backup firewall is supposed to be running by publishing the MAC address to the switch. I understand that the switch takes about 50 seconds from the time any device is active (from listening to learning to actual forwarding traffic).

However, I suspect that the switch is confused with the MAC addresses of the firewalls as they have the same IP addresses(due to HA), hence causing the second firewall (backkup) to reboot every time.

Would like to find out if the below could help solve this problem:

1. Can we shorten the time of the switch relearning the MAC address of the second unit of firewall from 50 seconds to lesser? How do we do that?

2. Hard-code the MAC address of the second unit so that the switch does not have to learn the backup firewall's MAC address whenever it needs to take over the function of the main firewall?

Thanks for your help in advance.

Regards,

Munyee

Labels:
0 Helpful
4 Replies 4

Georg Pauwen
VIP
VIP

‎05-18-2005 09:39 PM

Hello Munyee,

the 50 seconds would apply to a switch port that goes through all spanning tree phases. Make sure you have the interface command ´spanning-tree portfast´ configured on the ports where the firewalls are connected.

Regarding the hard-coding of MAC addresses, the command to use is:

mac address-table static

Here is an example from CCO:

This example shows how to add the static address 0004.5600.67ab to the MAC address table:

Switch(config)# mac address-table static 0004.5600.67ab vlan 1 interface fastethernet0/2

By the way, which firewall are you using ?

Regards,

GP

0 Helpful

munyeephang
Level 1
Level 1
In response to Georg Pauwen

‎05-18-2005 10:28 PM

Thank you for your assistance.

Is it recommended that I hardcode the MAC address to solve the problem described earlier or should I take a defferent approach?

Please correct me if I'm wrong, I thought the 50 seconds timeframe is used for the switch to learn the MAC address of a new device plugged into its port and hence register it into the MAC address table?

If I'm just using the 2950 to do basic switching without multiple vLANs, how long does it for a new device to register its MAC? How do I speed up that process?

0 Helpful

Georg Pauwen
VIP
VIP
In response to munyeephang

‎05-18-2005 11:49 PM

Hello,

sorry for the misunderstanding: without the ´spanning-tree portfast´ command on the interface, it takes between 30 to 50 seconds for the MAC address to register, due to the fact that the port goes through the Spanning Tree phases. With the command enabled, the MAC address registers immediately.

Regards,

GP

0 Helpful

munyeephang
Level 1
Level 1
In response to Georg Pauwen

‎05-19-2005 01:09 AM

Hi GP,

Thanks for your response. I guess since I want the switch to know the MAC address as fast as possible, I should just hard-code the MAC address of the backup firewall or should I run the 'spanning-tree portfast´ command?

Regards,

Munyee

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card