From: Balaji Siva (bsivasub@gmail.com)
Date: Mon Feb 14 2005 - 22:03:20 GMT-3
Sure. Just throwing out the obvious thing to look. He may be able to
still check the logs and get lucky.
But it is odd to configure port-security for a router port. Hopefully
that port should be "secure" in the data center or your networking
closet so you don't have to configure port-security.
Balaji
On Mon, 14 Feb 2005 15:10:41 -0500, Brian Dennis
<bdennis@internetworkexpert.com> wrote:
> He was asking what type of configuration would cause this problem since
> he can't recall what the cause was when it happened last. Kind of hard
> to look at the error message if you can't recreate the problem ;-)
>
> Brian Dennis, CCIE #2210 (R&S/ISP-Dial/Security)
>
> bdennis@internetworkexpert.com
> Internetwork Expert, Inc.
> http://www.InternetworkExpert.com
> Toll Free: 877-224-8987
> Direct: 775-745-6404 (Outside the US and Canada)
>
> -----Original Message-----
> From: Balaji Siva [mailto:bsivasub@gmail.com]
> Sent: Monday, February 14, 2005 12:05 PM
> To: Brian Dennis
> Cc: gladston@br.ibm.com; ccielab@groupstudy.com
> Subject: Re: Port-Secure
>
> Actually, there should have been an error message stating which mac
> address caused the violation. You can just look at that and go from
> there.
>
> Balaji
>
> On Mon, 14 Feb 2005 15:03:27 -0500, Brian Dennis
> <bdennis@internetworkexpert.com> wrote:
> > HSRP for one:
> >
> > R1:
> > interface Ethernet0/0
> > description - VLAN 19 to the PIX and IDS
> > ip address 183.1.19.1 255.255.255.0
> > half-duplex
> > standby 1 ip 183.1.19.254
> > end
> >
> > Rack1SW1#sho arp | in Vlan19
> > Internet 183.1.19.254 2 0000.0c07.ac01 ARPA Vlan19
> > Internet 183.1.19.7 - 000a.f4f3.e780 ARPA Vlan19
> > Internet 183.1.19.1 0 00d0.586e.b720 ARPA Vlan19
> > Rack1SW1#
> > Rack1SW1#sho mac-a int fa0/1 <-- Port R1 is connected to
> > Mac Address Table
> > -------------------------------------------
> >
> > Vlan Mac Address Type Ports
> > ---- ----------- -------- -----
> > 19 0000.0c07.ac01 DYNAMIC Fa0/1
> > 19 00d0.586e.b720 DYNAMIC Fa0/1
> > Total Mac Addresses for this criterion: 2
> > Rack1SW1#
> >
> > Brian Dennis, CCIE #2210 (R&S/ISP-Dial/Security)
> >
> > bdennis@internetworkexpert.com
> > Internetwork Expert, Inc.
> > http://www.InternetworkExpert.com
> > Toll Free: 877-224-8987
> > Direct: 775-745-6404 (Outside the US and Canada)
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> Of
> > gladston@br.ibm.com
> > Sent: Monday, February 14, 2005 11:17 AM
> > To: ccielab@groupstudy.com
> > Subject: Port-Secure
> >
> > Have you ever had a problem with port-secure blocking a port where
> just
> > one router was connected?
> >
> > I had this problem last year, but trying to reproduce it without
> > success.
> > The configuration was:
> >
> > Rx---cat
> >
> > on cat:
> > int fast 0/3
> > switchport mode access
> > switchport access vlan 12
> > switchport port-secure
> > switchport port-security mac-address 0001.42bb.9512
> >
> > I am wondering what protocol could be sourcing frames with a diferent
> > Mac on vlan 12 that would cause CAT to block the port.
> >
> > Any feedback appreciated.
> >
> >
> _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
> >
> _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Thu Mar 03 2005 - 08:51:20 GMT-3