Re: standby use-bia and no ip redirect on HSRP

From: Sila Moni (silamoni@yahoo.com)
Date: Mon Jun 27 2005 - 14:20:26 GMT-3


I was under the impression that use-bia is for token
ring only. Perhaps, that's why it is not working as
expected.

In reference to this topic, I've a security question
for our fellow GS.

Let's add a 3550 in the scenario. You are required to
use port security (aaaa.bbbb.cccc.dddd) for the port
that you have your router plugged into. In order to
maintain operability on your HSRP, you should use
standby mac-address command for the virtual mac@.

Can someone confirm this please?

--- Thomwin Chen <thomwin_chen@yahoo.com> wrote:

> Hi All,
>
> in cisco web
>
> ... because when HSRP is enabled, Internet Control
> Message Protocol (ICMP) redirect messages are
> disabled. ...
>
> this sentence is taken from :
>
> http://www.cisco.com/en/US/tech/tk648/tk362/technologies_white_paper09186a00800a9829.shtml
>
> and also :
>
> ... Proxy ARP breaks when use-bia is configured. A
> standby router cannot cover for the lost proxy ARP
> database of a failed router...
>
> this sentence is taken from :
>
> http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a0080094a91.shtml
>
> but, when I configured HSRP like this one below :
>
> ROUTER-A#show run int fa0/0
> Building configuration...
> Current configuration : 190 bytes
> !
> interface FastEthernet0/0
> description LAN between ROUTER-A and ROUTER-B
> ip address 172.16.1.129 255.255.255.192
> speed auto
> half-duplex
> standby use-bia
> standby 1 ip 172.16.1.100
> standby 1 priority 105
> end
>
> ROUTER-A#show standby
> FastEthernet0/0 - Group 1
> Local state is Active, priority 105, use bia
> Hellotime 3 sec, holdtime 10 sec
> Next hello sent in 1.262
> Virtual IP address is 172.16.1.100 configured
> Active router is local
> Standby router is 172.16.1.130 expires in 8.916
> Virtual mac address is 0007.ebae.d020
> 5 state changes, last state change 00:12:08
>
> The output of show ip int fa0/0 is like this :
>
> ROUTER-A#show ip int fa0/0
> FastEthernet0/0 is up, line protocol is up
> Internet address is 172.16.1.129 255.255.255.192
> Broadcast address is 255.255.255.255
> Address determined by configuration file
> MTU is 1500 bytes
> Helper address is not set
> Directed broadcast forwarding is disabled
> Multicast reserved groups joined: 224.0.0.5 224.0.0.6 224.0.0.2
> Outgoing access list is not set
> Inbound access list is not set
> Proxy ARP is enabled
> Security level is default
> Split horizon is enabled
> ICMP redirects are always sent
> ICMP unreachables are always sent
> ICMP mask replies are never sent
> IP fast switching is enabled
> IP fast switching on the same interface is disabled
> IP Flow switching is disabled
> IP Fast switching turbo vector
> IP multicast fast switching is enabled
> IP multicast distributed fast switching is disabled
> IP route-cache flags are Fast
> Router Discovery is disabled
> IP output packet accounting is disabled
> IP access violation accounting is disabled
> TCP/IP header compression is disabled
> RTP/IP header compression is disabled
> Probe proxy name replies are disabled
> Policy routing is disabled
> Network address translation is disabled
> WCCP Redirect outbound is disabled
> WCCP Redirect inbound is disabled
> WCCP Redirect exclude is disabled
> BGP Policy Mapping is disabled
>
> Notice that Proxy ARP is still enabled on Fa0/0 and
> ICMP redirects are still sent to Fa0/0
>
> Am I missing something ?
>
> thanks in advance
>
>
>
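
The check the quoted message does by eye on Fa0/0 (Proxy ARP and ICMP redirect state in `show ip interface`), written as a small audit script. This is an added example, not part of the original thread; the function name `audit_show_ip_interface` is hypothetical, and the FastEthernet0/1 block in the sample is constructed for contrast.

```python
import re

# Risky states in "show ip interface" output: (finding label, matching line).
CHECKS = [
    ("proxy-arp enabled", re.compile(r"^Proxy ARP is enabled$")),
    ("icmp redirects sent", re.compile(r"^ICMP redirects are always sent$")),
    ("directed broadcast forwarded",
     re.compile(r"^Directed broadcast forwarding is enabled")),
]
# First line of each interface block, e.g. "FastEthernet0/0 is up, line protocol is up".
HEADER = re.compile(r"^(\S+) is (?:administratively )?(?:up|down), line protocol is")

# Fa0/0 lines are copied from the quoted message (e-mail ">" prefix kept);
# the Fa0/1 block is constructed for contrast.
SAMPLE = """\
> ROUTER-A#show ip int fa0/0
> FastEthernet0/0 is up, line protocol is up
> Internet address is 172.16.1.129 255.255.255.192
> Directed broadcast forwarding is disabled
> Proxy ARP is enabled
> ICMP redirects are always sent
> ICMP unreachables are always sent
FastEthernet0/1 is up, line protocol is up
  Directed broadcast forwarding is disabled
  Proxy ARP is disabled
  ICMP redirects are never sent
"""

def audit_show_ip_interface(text):
    """Hypothetical helper: return {interface: [findings]} per interface block."""
    findings, current = {}, None
    for raw in text.splitlines():
        line = raw.lstrip("> ").strip()      # tolerate e-mail quoting and indent
        header = HEADER.match(line)
        if header:
            current = header.group(1)
            findings[current] = []
        elif current is not None:
            findings[current] += [label for label, rx in CHECKS if rx.match(line)]
    return findings

if __name__ == "__main__":
    for interface, issues in audit_show_ip_interface(SAMPLE).items():
        print(interface, "->", ", ".join(issues) or "ok")
```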



This archive was generated by hypermail 2.1.4 : Wed Jul 06 2005 - 14:43:44 GMT-3