Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Turning a switch into a hub

The problem I got is I need to give my switches a lobotomy.

The redundant firewalls we use need to be connected by hubs. They cannot use switches because of the MAC tricks they do. The problem is for redundancy you need two for each firewall arm so you can quickly build up a mountain of small 5-port hubs that sit between the switches and the firewalls.

Idealy, I like to configure my switches in some way so that I could create a VLAN which had ports that acted like hub ports. In other words flood every port in the VLAN no matter what the bridge MAC table says. The other VLANs need to act just like they do now.

So currently it looks like this

router-switch-hub-firewall-hub-switch

router-switch-hub-firewall-hub-switch

(cannot show links because the site doesn't like my ascii art)

There is crosslinks between the top and bottom switches and hubs.

I'd probably need to make a small cross-over cable on the switch from the switched VLAN to the hub VLAN but that's ok The idea is to replace the 4 hubs with some sort of strange VLAN.

Thanks!

3 REPLIES
Bronze

Re: Turning a switch into a hub

This isn't possible on Cisco switches to my knowledge. I recently switched HA daemons on our BSD firewalls for precisely this reason -- using hubs to acheive firewall redundancy is, in my opinion, highly suboptimal.

New Member

Re: Turning a switch into a hub

If you have only two firewalls to worry about then have you considered using a cross-over cable to connect the two firewall arms? For the firewall connections that needs to be connect to the enterprise network, use a hub just like you mentioned in the scenario.

New Member

Re: Turning a switch into a hub

Bit late with a reply but I hope it helps.

I have seen problems with HA firewalls or more accurately clustered servers. This is were a number of servers appear to outside devices as 1 entity and do this by having a common IP address and MAC address. It is this that causes the problems with the switches.

Have a look at these documents on Stonesoft's site which cover IOS and CatOS switches.

http://www.stonesoft.com/document/art/2368.html

338
Views
6
Helpful
3
Replies
CreatePlease login to create content