[c-nsp] cisco ASA using many time the same MAC and HP switches
Tim Durack
tdurack at gmail.com
Thu Nov 1 14:11:20 EDT 2007
Old HPs (such as the 4000) have a single switch-wide fdb. I've been
bitten by this more times than I wish to recount. Anything new should
have an fdb per VLAN.
Tim:>
On Nov 1, 2007 1:52 PM, Niels Bakker <niels=cisco-nsp at bakker.net> wrote:
> * philou at philou.ch (Philippe Strauss) [Thu 01 Nov 2007, 17:45 CET]:
> >I've just noticed an interesting "feature": ASA firewalls use the same
> >MAC address for many interfaces, either VLAN interfaces "SVI" (5505)
> >or SubInterface (5520).
>
> Many if not most router platforms do that these days, in fact.
>
>
> >HP switch don't like that much, it seems they have only one global
> >forwarding database across all VLAN, by deduction I guess catalyst have
> >one forwarding database per VLAN.
>
> Only the cheapest, nastiest switches do not have a per-VLAN MAC
> forwarding database. I do not recall the exact model numbers but
> anything recent from HP should work.
>
>
> -- Niels.
>
> --
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
More information about the cisco-nsp
mailing list