Different networks on same switch

Wayne Pascoe freebsd-feb at penguinpowered.org
Thu Feb 26 03:37:09 PST 2004


Hi all,

I have a firewall with three network cards. There are two networks on
the inside of the firewall. One is private IPs and those are NATted by
the firewall. The other is public IPs being protected by the firewall.

The two internal networks used to be on separate switches. All of the
machines on that network connected to a switch, and that switch
connected to the firewall. 

I've had to move all of the connections to a single switch, and since
then, I've been seeing the following in my firewall logs:

Feb 26 11:30:40 styx-tmp kernel: arp: 192.168.2.1 is on lo0 but got
reply from 00:01:03:48:79:2d on xl1
Feb 26 11:31:18 styx-tmp kernel: arp: 193.xxx.xxx.1 is on lo0 but got
reply from 00:04:76:8c:95:db on xl0
Feb 26 11:36:00 styx-tmp kernel: arp: 192.168.2.1 is on lo0 but got
reply from 00:01:03:48:79:2d on xl1
Feb 26 11:40:17 styx-tmp kernel: arp: 193.xxx.xxx.1 is on lo0 but got
reply from 00:04:76:8c:95:db on xl0

I've tried the following:
- Deleting all arp entries (arp -da)
- Adding specific arp entries for the IPs as follows:
  arp -s 193.xxx.xxx.1 00:04:76:8c:95:db 
  and
  arp -s 193.xxx.xxx.1 00:04:76:8c:95:db only
  and done the same for the 192 IP and ether address.

Is there any way I can resolve this, or do I have to go back to multiple
switches? Is this causing any problems?

The reason I ask all of this is that people on the 192 network are
complaining about occasional lags.

Regards,


-- 
Wayne Pascoe
You cannot apply a technological solution to
a sociological problem. (Edwards' Law) 
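
An added example, not part of the original post: a small Python parser that rejoins the wrapped kernel log entries quoted in the message and tallies which MAC address answered for which firewall IP on which interface. The function names are hypothetical, and the sample input is the four entries from the post.

```python
import re
from collections import Counter

# The four kernel log entries from the post, wrapped across two lines each
# exactly as the mail shows them.
SAMPLE_LOG = """\
Feb 26 11:30:40 styx-tmp kernel: arp: 192.168.2.1 is on lo0 but got
reply from 00:01:03:48:79:2d on xl1
Feb 26 11:31:18 styx-tmp kernel: arp: 193.xxx.xxx.1 is on lo0 but got
reply from 00:04:76:8c:95:db on xl0
Feb 26 11:36:00 styx-tmp kernel: arp: 192.168.2.1 is on lo0 but got
reply from 00:01:03:48:79:2d on xl1
Feb 26 11:40:17 styx-tmp kernel: arp: 193.xxx.xxx.1 is on lo0 but got
reply from 00:04:76:8c:95:db on xl0
"""

TIMESTAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
ARP_MSG = re.compile(
    r"arp: (?P<ip>\S+) is on (?P<local_if>\S+) but got reply from "
    r"(?P<mac>(?:[0-9a-f]{1,2}:){5}[0-9a-f]{1,2}) on (?P<rx_if>\S+)",
    re.IGNORECASE,
)

def unwrap(text):
    """Rejoin wrapped entries: a line without a syslog timestamp continues the previous one."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if TIMESTAMP.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries

def summarize(text):
    """Count messages per (IP, replying MAC, receiving interface)."""
    counts = Counter()
    for entry in unwrap(text):
        m = ARP_MSG.search(entry)
        if m:
            counts[(m["ip"], m["mac"].lower(), m["rx_if"])] += 1
    return counts

if __name__ == "__main__":
    for (ip, mac, rx_if), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{n:3d}  {ip:15s} answered by {mac} on {rx_if}")
```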

