[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: AW: [FW1] backup firewall
Thanks for this info, it's quite interesting and useful. ========================================================= Best, Roman M. Zeltser RS Information Systems, Inc.NCC, DNE *** Securing your retirement money from hackers.*** -----Original Message----- From: Ejvind Kristian [mailto:[email protected]] Sent: Thursday, December 21, 2000 4:18 AM To: 'Axel Eble'; Zeltser, Roman Cc: [email protected]; [email protected]; [email protected] Subject: RE: AW: [FW1] backup firewall > > I wonder why you are going to copy MAC addresses for the network cards that > > have they own MAC addresses? Correct me if I'm wrong, but every network > > card has a unique MAC address in the entire world. The only option is left > > to remove the NICs from the dead firewall and insert it into the backup > > firewall. It this case copied ARP configuration will be eligible and > > correct. > > In principle, you are correct. But: Sun has only one MAC address per > Machine since the MAC addresses are part of the host ID and > not built-in into the network adapters. It is true that every network port in the world has it's own unique MAC address, even for Suns. Wheither to use it or not, that's another issue. For Sun's, the network ports that are built into the mother board get their MAC-address from the hostid prom. If there are several ports, the last digit is incremented by 1 for each port. All add-in ports have their own MAC-address programmed into them. However, by default Suns uses the MAC-address of the first port for all ports. There's a variable in the OBP EEPROM, 'local-mac-address?', which, if set to 'true', forces the machine to use the programmed-in MAC-address for all ports, instead of the address of the first port (=hostid-based). The ethernet standard says the all machines on a single ethernet segment must have unique MAC addresses, and says nothing about a single machine having the same address on several segments. I don't know really why, but I've seen recommendations from several sources, that if you have many network ports on a Sun, you can increase performance if you let the network ports use their own addresses (= "setenv local-mac-address?=true") /Kristian ----------------------------------------- Kristian Ejvind - [email protected] System admin at SPP Investment Management ----------------------------------------- ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|