when your firewall changes, the server MAC address should "move" in the 2948's MAC-address-table form one port to the other. But the 2948 doesn't recognize the change, so the MAC-address-table entry remains the same for the bridge aging time (5 minutes default which can't be changed for 2948). After this timer expires, the MAC-address-table entry is cleared and 2948 starts to consider the MAC address of the server as unknown, floods frames with this destination address to all ports and after the server replays MAC-address-table entry becomes correct and everybody is happy.
The possibilities you've got are:
a) wait 5 minutes after FW change
b) ping from the server to anywhere through the 2948 after FW change (2948 then should notice the server "move")
c) enable spanning tree on BVI1 (this might help, there are some strange relations between STP and MAC-address-table not described in IOS documentation)
This is actually a pretty cool feature, i didn't even know it existed until I was looking for a solution to advertise a subnet (prefix in BGP talk), only if a certain condition existed. This is exactly what conditional advertisements does
j ai une question j ai achete un routeur cisco 887VA-k9 , je le configuré avec la configuration ci- dessous
si je le lier avec mon pc portable sur l un de ses ports directement ça marche toute est bien ( la connexion internet + m...
Attached policy provides CLI access to the Cisco 4G router over text messaging. Two files are in the attached .tar file:
2. PDF with instructions on how to load and use the .tcl file.