3C905B & 3C905C NICs in my SPLAT R60 box. Is this my problem?


-----Original Message-----
From: Mailing list for discussion of Firewall-1 
[mailto:fw-1-mailingl...@amadeus.us.checkpoint.com] On Behalf Of Ebersole, Jason
Sent: Friday, November 12, 2010 1:58 PM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: Re: [FW-1] multi-VLANs to Cisco Catalyst

Hmmm. I don't see firewall mac address entries on the switch when I run "show 
mac address-table"

-----Original Message-----
From: Mailing list for discussion of Firewall-1 
[mailto:fw-1-mailingl...@amadeus.us.checkpoint.com] On Behalf Of David DeSimone
Sent: Friday, November 12, 2010 1:27 PM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: Re: [FW-1] multi-VLANs to Cisco Catalyst

Your configuration looks right.

A good way to check for L2 connectivity is via ARP.  Using "arp -a" on
SPLAT, can you see the MAC for the two stations?  Using "arp -a" on the
stations, do they see the MAC for the firewall?

On the switch, you should be able to use "show mac-address dynamic" to
see what the switch sees on each of its ports, and verify connectivity.

One quirk I've seen on Catalyst switches is that a VLAN will appear to
be "up" but will not pass traffic unless you activate it, by simply
specifying "vlan 4" and "vlan 5" to define them.  Like so:

    conf t
    vlan 4
    vlan 5
    end


Ebersole, Jason <jason.ebers...@sti-ultrasound.com> wrote:
>
> I've found various information online about how to do this, and I'm
> not sure what else to try.  Before beating my head against the wall
> some more, I thought I'd share my config and hope someone can provide
> some insight.  First, I'm still on SecurePlatform R60, so be nice!
> 
> Anyway, here is my firewall topology:
> 
> Eth0 --> 3.3.3.1 / 255.255.255.0 / This network
> Eth1 --> 4.4.4.1 / 255.255.255.252 / External
> Eth2 --> 5.5.5.1 / 255.255.255.252 / This network
> Eth3.4 --> 1.1.1.1 / 255.255.255.0 / This network
> Eth3.5 --> 2.2.2.1 / 255.255.255.0 / This network
> 
> No IP address on Eth3, so that is why it doesn't show up.  My Google
> searching says that this is pretty much it as far as SPLAT config. 
> This will send VLAN IDs 4 & 5 (via 802.1q encapsulation) down the wire
> physically attached to Eth3 interface.
> 
> Ok, now the Cisco 3750 switch.  I'm working with three interfaces on
> the switch.  One is a trunk port that connects to the SPLAT Eth3
> interface, and the other two are access ports; one for VLAN4 and the
> other for VLAN5:
> 
> Trunk Port:
> interface GigabitEthernet2/0/1
>  switchport trunk encapsulation dot1q
>  switchport trunk allowed vlan 4,5
>  switchport mode trunk
> 
> Access port for VLAN4:
> interface FastEthernet1/0/17
>  switchport access vlan 4
>  switchport mode access
> 
> Access port for VLAN5:
> interface FastEthernet1/0/18
>  switchport access vlan 5
>  switchport mode access
> 
> No IP Addressing on the vlans as I want routing to happen through the
> gateway.  Also, this switch is configured as VTP Server, but since I
> don't have access ports on other switches for VLAN4 & 5, VTP config
> shouldn't matter; at least that's what I think.
> 
> PCs are plugged into the access ports, each configured appropriately:
> 
> PC1 --> Fa1/0/17 (VLAN4) --> 1.1.1.2 / 255.255.255.0
> PC2 --> Fa1/0/18 (VLAN5) --> 2.2.2.2 / 255.255.255.0
> 
> This should be it, but I see no evidence of any communication using
> PINGS and watching the SmartView Tracker.  Please let me know if you
> see something terribly wrong with my configuration.
> 
> Thanks, Jason

-- 
David DeSimone == Network Admin == f...@verio.net
  "I don't like spinach, and I'm glad I don't, because if I
   liked it I'd eat it, and I just hate it." -- Clarence Darrow


This email message is intended for the use of the person to whom it has been 
sent, and may contain information that is confidential or legally protected. If 
you are not the intended recipient or have received this message in error, you 
are not authorized to copy, distribute, or otherwise use this message or its 
attachments. Please notify the sender immediately by return e-mail and 
permanently delete this message and any attachments. Verio, Inc. makes no 
warranty that this email is error or virus free.  Thank you.

Scanned by Check Point Total Security Gateway.

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to lists...@amadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ow...@ts.checkpoint.com
=================================================
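
An added example, not part of the original thread: a Python check for the quirk David describes, comparing the VLANs that the posted switchport lines reference against the switch's VLAN database. The `show vlan brief` output is constructed for illustration, and all function names are hypothetical.

```python
import re
# Constructed input: the switch-side config as posted in the thread.
RUNNING_CONFIG = """\
interface GigabitEthernet2/0/1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 4,5
 switchport mode trunk
interface FastEthernet1/0/17
 switchport access vlan 4
 switchport mode access
interface FastEthernet1/0/18
 switchport access vlan 5
 switchport mode access
"""
# Constructed "show vlan brief" output in which VLANs 4 and 5 were never defined.
SHOW_VLAN_BRIEF = """\
VLAN Name                             Status    Ports
1    default                          active    Gi2/0/2, Gi2/0/3
1002 fddi-default                     act/unsup
"""

def expand_vlan_list(spec):
    """Expand '4,5,10-12' into {4, 5, 10, 11, 12}."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def referenced_vlans(config):
    """Map each interface to the VLAN IDs its switchport lines reference."""
    pat = re.compile(r"\s+switchport (?:access vlan|trunk allowed vlan(?: add)?) ([\d,\- ]+)$")
    refs, iface = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            iface = line.split(None, 1)[1]
        m = pat.match(line)
        if m and iface:
            refs.setdefault(iface, set()).update(expand_vlan_list(m.group(1)))
    return refs

def defined_vlans(show_vlan_brief):
    """VLAN IDs listed as active in the switch's VLAN database."""
    return {int(v) for v in re.findall(r"^(\d+)\s+\S+\s+active\b", show_vlan_brief, re.M)}

def undefined_references(config, show_vlan_brief):
    """Interfaces whose switchport lines name VLANs missing from the database."""
    known = defined_vlans(show_vlan_brief)
    return {i: sorted(v - known) for i, v in referenced_vlans(config).items() if v - known}
```

Calling `undefined_references(RUNNING_CONFIG, SHOW_VLAN_BRIEF)` flags all three ports here; once `vlan 4` and `vlan 5` appear as active in the database the result is empty.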
