Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
787
Views
6
Helpful
3
Replies

Turning a switch into a hub

csmall2
Level 1
Level 1

‎05-29-2003 06:18 PM - edited ‎03-02-2019 07:45 AM

The problem I got is I need to give my switches a lobotomy.

The redundant firewalls we use need to be connected by hubs. They cannot use switches because of the MAC tricks they do. The problem is for redundancy you need two for each firewall arm so you can quickly build up a mountain of small 5-port hubs that sit between the switches and the firewalls.

Idealy, I like to configure my switches in some way so that I could create a VLAN which had ports that acted like hub ports. In other words flood every port in the VLAN no matter what the bridge MAC table says. The other VLANs need to act just like they do now.

So currently it looks like this

router-switch-hub-firewall-hub-switch

router-switch-hub-firewall-hub-switch

(cannot show links because the site doesn't like my ascii art)

There is crosslinks between the top and bottom switches and hubs.

I'd probably need to make a small cross-over cable on the switch from the switched VLAN to the hub VLAN but that's ok The idea is to replace the 4 hubs with some sort of strange VLAN.

Thanks!

Labels:
0 Helpful
3 Replies 3

t.baranski
Level 4
Level 4

‎05-29-2003 07:03 PM

This isn't possible on Cisco switches to my knowledge. I recently switched HA daemons on our BSD firewalls for precisely this reason -- using hubs to acheive firewall redundancy is, in my opinion, highly suboptimal.

vincent-n
Level 3
Level 3

‎05-29-2003 10:46 PM

If you have only two firewalls to worry about then have you considered using a cross-over cable to connect the two firewall arms? For the firewall connections that needs to be connect to the enterprise network, use a hub just like you mentioned in the scenario.

pmarner
Level 1
Level 1

‎07-02-2003 09:36 AM

Bit late with a reply but I hope it helps.

I have seen problems with HA firewalls or more accurately clustered servers. This is were a number of servers appear to outside devices as 1 entity and do this by having a common IP address and MAC address. It is this that causes the problems with the switches.

Have a look at these documents on Stonesoft's site which cover IOS and CatOS switches.

http://www.stonesoft.com/document/art/2368.html

0 Helpful
Customers Also Viewed These Support Documents