Re: Port Security over hsrp network

From: Peter McCreesh (petermccreesh@gmail.com)
Date: Mon Nov 28 2005 - 11:06:16 GMT-3

• Next message: David Fuller: "OT: Domain Reg and Hosting"
• Previous message: Chris Lewis: "RE: Eigrp Secondary address question ?"
• Maybe in reply to: Desmond Ong: "Port Security over hsrp network"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi Des,
looks like the issue is being caused by the sticky command. The HSRP mac is
registered on F0/1 (because of the sticky config) and when it moves to F0/2.
the switch sees this as being an issue.

If you wanted to use the sticky config, you could configure the routers to
use the bia as the hsrp mac address (standby use-bia).

Hope i'm understanding your issue OK.

...Pete

On 11/27/05, Desmond Ong <ongdes@singnet.com.sg> wrote:
>
> Hi there,
>
> I am configuring port-security on my 3550 switch on fa0/1 and fa0/2.
> these ports are connected to R1 and R2 respectively in the same vlan
> running hsrp. However, I notice that when I shut down fa0/1, The HRSP
> virtual mac address is transfer to R2. and I received the following
> error message.
>
> "00:04:59: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation
> occurred, caused by MAC address 0000.0c07.ac01 on port FastEthernet0/2."
>
> Below is my config. Hope to hear from u guys.
>
> Tks!
>
> Des
>
>
>
> interface FastEthernet0/1
> switchport access vlan 10
> switchport mode access
> switchport port-security
> switchport port-security maximum 2
> switchport port-security violation restrict
> switchport port-security mac-address sticky
> switchport port-security mac-address sticky 0000.0c07.ac01
> switchport port-security mac-address sticky 0003.e327.89e0
> !
> interface FastEthernet0/2
> switchport access vlan 10
> switchport mode access
> switchport port-security
> switchport port-security maximum 2
> switchport port-security violation restrict
> switchport port-security mac-address sticky
> switchport port-security mac-address sticky 0000.0c5d
> !
> !
> 00:06:32: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation
> occurred, caused by MAC address 0000.0c07.ac01 on port
> FastEthernet0/2..7174
> !
> !
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: David Fuller: "OT: Domain Reg and Hosting"
• Previous message: Chris Lewis: "RE: Eigrp Secondary address question ?"
• Maybe in reply to: Desmond Ong: "Port Security over hsrp network"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Dec 01 2005 - 09:12:08 GMT-3