They are going to replace a single MASQing firewall. All traffic was going
through one firewall anyways. Now it will be 2 linux bridges with masq rules
that will failover. We aren't using those for public space.

If the bridges can't see the mac addresses of the boxes on both sides of the
bridge then they won't route any data across.

You're absolutely right. It might be better to have a sleeping firewall that
could be awakened with some linux heartbeat software. We are investigating
our options at the present and this was one of the solutions presented. We were
thinking spanning tree switches with spanning tree bridging firewalls. Right
now we are just compiling a pros and cons list for the different options.
One of the cons is having to purchase different switches. But I need to know
what kind of switches to get for this configuration and their price.
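To illustrate the point about the bridges needing to see the MAC addresses on both sides, here is a small added model of a learning (transparent) bridge. It is not code from this thread or from the Linux bridge code; the port names, MAC addresses and frames are constructed, and the "receive-only" port is an assumption about how a switch monitoring (mirror) port behaves from the bridge's point of view: the bridge hears that segment but cannot send into it.

```python
"""Toy learning-bridge model (added illustration, not the thread's own code).

A transparent bridge learns which port each MAC address sits behind from the
source address of frames it receives, forwards to the learned port when the
destination is known, and floods to every other port when it is not.
A port fed from a switch mirror port is modelled as receive-only (assumption).
"""
from collections import namedtuple

Frame = namedtuple("Frame", "src dst payload")


class LearningBridge:
    def __init__(self, ports, rx_only=()):
        self.ports = list(ports)
        self.rx_only = set(rx_only)   # ports the bridge can hear but not send on
        self.table = {}               # MAC address -> port it was learned on
        self.delivered = []           # (port, frame) pairs actually sent
        self.dropped = []             # frames with no usable egress port

    def receive(self, in_port, frame):
        # Learning step: the source MAC lives behind the ingress port.
        self.table[frame.src] = in_port
        out = self.table.get(frame.dst)
        if out is None:
            targets = [p for p in self.ports if p != in_port]   # unknown: flood
        elif out == in_port:
            return []   # destination is on the same segment; bridge stays quiet
        else:
            targets = [out]
        sent = [p for p in targets if p not in self.rx_only]
        for p in sent:
            self.delivered.append((p, frame))
        if not sent:
            self.dropped.append(frame)
        return sent


def run_scenario(rx_only=()):
    """Host A on eth0 talks to host B on eth1 (constructed addresses)."""
    br = LearningBridge(["eth0", "eth1"], rx_only=rx_only)
    a, b = "aa:aa:aa:aa:aa:01", "bb:bb:bb:bb:bb:02"
    br.receive("eth0", Frame(a, b, "syn"))      # B unknown yet -> flood to eth1
    br.receive("eth1", Frame(b, a, "syn-ack"))  # A already learned -> eth0
    br.receive("eth0", Frame(a, b, "ack"))      # both learned -> eth1
    return {
        "table": dict(br.table),
        "delivered": len(br.delivered),
        "dropped": len(br.dropped),
    }


if __name__ == "__main__":
    print("both ports normal:  ", run_scenario())
    print("eth1 fed by mirror: ", run_scenario(rx_only={"eth1"}))
```

With both ports attached normally every frame gets across. When one side is only a mirror feed the bridge still learns both addresses, but every frame that has to be sent toward that side is dropped, which is the one-directional breakage the thread is worried about.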
Ben Kochie wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
>
> why in the world would you need both linux servers to have access to all
> traffic on the network, that's a really _bad_ idea when it comes to
> bandwidth, AND security.  the whole point of having a switch is so that
> traffic between hosts doesn't affect traffic between other servers and
> hosts.  if you need to do failover, the 2 linux servers should have an
> active connection between them, which doesn't require that they monitor
> traffic.
>
> Thank You,
>         Ben Kochie (ben at nerp.net)
>
>  "Unix is user friendly, It's just picky about its friends."
>
> On Mon, 4 Jun 2001, Jason Jorgensen wrote:
>
> > We are trying to set up a couple of linux boxes to act as a bridge so
> > that we have some redundancy if one box fails. To do this the linux
> > boxes need to "see" each other and all traffic on the network. However
> > we are using switches for security and the switches only have
> > capabilities for one monitoring port (a port that sees all traffic, just
> > like a hub would do). We would need 2 monitoring ports on each of our 2
> > switches to allow the bridges to work properly. So I would like some
> > suggestions on switches that would have more than one monitoring port.
> > Right now we are using HP ProCurve 2424's.
> >
> > _______________________________________________
> > tclug-list mailing list
> > tclug-list at mn-linux.org
> > https://mailman.mn-linux.org/mailman/listinfo/tclug-list
> >
>
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.3ia
> Charset: noconv
>
> iQCVAwUBOxufuctpDhsSpvgtAQGRwAQAjsqvjJcMHoYsH4ElrXqPG5E9OCML8qsK
> fonuM1taK5tQ7vzTbWyDE8FY1ePv3NmIWzUEn3TXlsjWNnhlbpEGa1/kqOKFLE0A
> XPwZw17mgkLNN3xXauIvUzHriXyPO04okIfS9DlUZM2c39T+V8vOsNSdS8TQCfCW
> Ia14Xe//qh4=
> =a+7V
> -----END PGP SIGNATURE-----
>