From: Spyros Kranis (skranis@algosystems.gr)
Date: Sat Jul 02 2005 - 10:01:47 GMT-3
Dear group,
I have two routers, R6 and R7, with their Ethernet interfaces connected on the
same VLAN at a 3550 (fa0/6 and fa0/7).
HSRP is enabled between the routers and port security is enabled on the two
ports of the switch.
Below is my config regarding the switch:
interface FastEthernet0/6
 switchport access vlan 567
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security violation restrict
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 00e0.b0fa.251c
end
SW2#
SW2#sh run int fa0/7
Building configuration...
Current configuration : 357 bytes
!
interface FastEthernet0/7
 switchport access vlan 567
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security violation restrict
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0000.0c07.ac01 <----- virtual mac
 switchport port-security mac-address sticky 0000.0c8e.de9c
end
The fa0/7 is the active router for the hsrp group.
I configured the sticky learn in order to automatically catch the virtual
mac.
When I issue the shut command on the Ethernet of R7 and wait for R6 to
take over, this is what I see on my switch:
06:34:30: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred,
caused by MAC address 0000.0c07.ac01 on port FastEthernet0/6.
This is obvious because the mac address is already sticky learned at the
fa0/7.
Any ideas on how to configure static MAC port security with HSRP ON THE SAME
SWITCH?
TIA
Skra
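
A triage helper for the situation described in this post, added here as an example (it is not part of the original message): it cross-references a PSECURE_VIOLATION log line against the sticky entries in the switch configuration and reports when the offending MAC is an HSRP version 1 virtual MAC (0000.0c07.acXX, last byte = group number) that is already secured on another port. The function names and the abridged sample input are constructed for illustration.

```python
import re

# Constructed sample input, abridged from the configuration and log line quoted in the post.
CONFIG = """\
interface FastEthernet0/6
 switchport port-security mac-address sticky 00e0.b0fa.251c
interface FastEthernet0/7
 switchport port-security mac-address sticky 0000.0c07.ac01
 switchport port-security mac-address sticky 0000.0c8e.de9c
"""
LOG = ("06:34:30: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, "
       "caused by MAC address 0000.0c07.ac01 on port FastEthernet0/6.")

HSRP_V1 = re.compile(r"^0000\.0c07\.ac([0-9a-f]{2})$")  # last byte is the HSRP group
STICKY = re.compile(r"port-security mac-address sticky ([0-9a-f.]{14})", re.I)
VIOLATION = re.compile(
    r"PSECURE_VIOLATION:.*?MAC address ([0-9a-f.]{14}) on port (\S+?)\.?$", re.I)

def secured_macs(config):
    """Map each sticky secure MAC in the config to the interface that holds it."""
    owner, port = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            port = line.split(None, 1)[1].strip()
        elif port and (m := STICKY.search(line)):
            owner[m.group(1).lower()] = port
    return owner

def triage(log, config):
    """For each violation: the MAC, where it was seen, where it is secured, HSRP group."""
    owner, findings = secured_macs(config), []
    for line in log.splitlines():
        m = VIOLATION.search(line)
        if not m:
            continue  # not a port-security violation line
        mac, seen_on = m.group(1).lower(), m.group(2)
        hsrp = HSRP_V1.match(mac)
        findings.append({
            "mac": mac,
            "seen_on": seen_on,
            "secured_on": owner.get(mac),  # None if no port has it as a sticky entry
            "hsrp_group": int(hsrp.group(1), 16) if hsrp else None,
        })
    return findings

if __name__ == "__main__":
    for finding in triage(LOG, CONFIG):
        print(finding)
```

A finding where `hsrp_group` is set and `secured_on` differs from `seen_on` matches the failover case in the post rather than an unknown host appearing on the port.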
This archive was generated by hypermail 2.1.4 : Sun Sep 04 2005 - 17:00:29 GMT-3