RE: hsrp + port security

From: simon hart (simon.hart@btinternet.com)
Date: Sat Jul 02 2005 - 15:53:09 GMT-3


When configuring HSRP on your routers, try using the use-bia command. By
adopting this you will then be able to make use of port security and not
rely on virtual MACs.

Simon

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Spyros Kranis
Sent: 02 July 2005 14:38
To: 'Lee Donald'; ccielab@groupstudy.com
Subject: RE: hsrp + port security

Hi Lee,
Thanks for the response.
I tried this already but I'm getting the msg that there is a duplicate MAC
address.
This works fine if the two routers are connected to different switches.

That is why, at the end of my email I mention that this is done on the same
switch.

TIA

Skra

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Lee
Donald
Sent: Saturday, July 02, 2005 4:23 PM
To: 'Spyros Kranis'; ccielab@groupstudy.com
Subject: RE: hsrp + port security

Spyros,

You would have to statically configure the virtual mac on both ports.
Now that you know it, through sticky on port fa0/7, configure it on fa0/6.

Regards

Lee.

-----Original Message-----
From: Spyros Kranis [mailto:skranis@algosystems.gr]
Sent: Saturday, July 02, 2005 2:02 PM
To: ccielab@groupstudy.com
Subject: hsrp + port security

Dear group,

I have two routers R6 and R7 with their Ethernet interfaces connected on the
same VLAN on a 3550 (fa0/6 and fa0/7).

HSRP is enabled between the routers and port security is enabled on the two
ports of the switch.

Below is my config regarding the switch:

interface FastEthernet0/6
 switchport access vlan 567
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security violation restrict
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 00e0.b0fa.251c
end

SW2#
SW2#sh run int fa0/7
Building configuration...

Current configuration : 357 bytes
!
interface FastEthernet0/7
 switchport access vlan 567
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security violation restrict
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0000.0c07.ac01 <----- virtual mac
 switchport port-security mac-address sticky 0000.0c8e.de9c
end

The fa0/7 is the active router for the hsrp group.

I configured the sticky learn in order to automatically catch the virtual
mac.

When I issue the shut command on the Ethernet of R7 and wait for R6 to
take over, this is what I see on my switch...

06:34:30: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0000.0c07.ac01 on port FastEthernet0/6.

This is obvious because the mac address is already sticky learned at the
fa0/7.

Any ideas on how to configure static MAC port security with HSRP ON THE SAME
SWITCH?

TIA

Skra
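
Added example, not part of the original thread: the use-bia approach from the first reply written out for this topology, so that each switch port only ever sees one router MAC. The router interface name, IP addresses and priority are constructed; the two static MACs are assumed to be the burned-in addresses of R6 and R7, taken from the sticky entries in the original post, and group 1 is inferred from the virtual MAC 0000.0c07.ac01.

```cisco
! --- R7 (currently active); interface name and addresses are constructed ---
interface Ethernet0
 ip address 192.0.2.7 255.255.255.0
 ! HSRP answers for the virtual IP with this interface's burned-in MAC
 ! instead of 0000.0c07.ac01
 standby use-bia
 standby 1 ip 192.0.2.1
 standby 1 priority 110
 standby 1 preempt
!
! --- R6 (standby); interface name and addresses are constructed ---
interface Ethernet0
 ip address 192.0.2.6 255.255.255.0
 standby use-bia
 standby 1 ip 192.0.2.1
 standby 1 preempt
!
! --- SW2: one static secure MAC per port, no shared virtual MAC ---
interface FastEthernet0/6
 switchport access vlan 567
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 switchport port-security violation restrict
 ! assumed BIA of R6 (sticky-learned on fa0/6 in the original post)
 switchport port-security mac-address 00e0.b0fa.251c
!
interface FastEthernet0/7
 switchport access vlan 567
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 switchport port-security violation restrict
 ! the old sticky entry for 0000.0c07.ac01 has to be removed from this port first
 ! assumed BIA of R7 (sticky-learned on fa0/7 in the original post)
 switchport port-security mac-address 0000.0c8e.de9c
```

With use-bia the MAC behind the virtual IP changes on failover, so hosts on VLAN 567 depend on the gratuitous ARP sent by the new active router to update their ARP caches.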



This archive was generated by hypermail 2.1.4 : Sun Sep 04 2005 - 17:00:29 GMT-3