RE: HSRP and sw port-security

From: Ice Fire (fire_ice@verizon.net)
Date: Fri Feb 24 2006 - 14:40:05 GMT-3


Why not hard code the virtual MAC (HSRP) of R1 as the physical of R1 and the
virtual MAC (HSRP) of R2 as the physical of R2? This way the ports of the
switch will only see one MAC address even if the IP address hops from R1 to
R2. The MAC will change, but traffic will still flow.

Ice Fire

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Quetta Walla
Sent: Friday, February 24, 2006 1:55 AM
To: ccielab@groupstudy.com
Subject: HSRP and sw port-security

If router R1 and R2 are connected to ports f0/1 and f0/2 of sw respectively.
R1 and R2 have HSRP enabled on these ports. Now the requirement is also to
configure port-security on port f0/1 and port f0/2 of the switch which
should accept only mac-addresses of these routers and can survive a reboot.
Do not use bia command.

sw
int f0/1
sw mo access
sw access vlan 192
sw port-security
sw port-security max 2

maximum 2 is to accommodate the virtual mac-add used by HSRP.

Question is, should the mac-address of R1 be hard coded on f0/1 of sw and of
R2's on f0/2 of sw. Then what about the virtual mac used by HSRP because 2
similar mac-add cannot be hardcoded on 2 ports of the same switch. This has
to be done without using bia command.

Thanks

-- 


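One reading of the reply's suggestion, written out as an added example (not configuration posted by either participant): each router sets its HSRP virtual MAC to its own interface MAC with `standby mac-address`, so each switch port only ever sees one source MAC and port-security can pin it with a maximum of 1. The HSRP group number, IP addresses, router interface names and MAC values are constructed placeholders.

```cisco
! ---- R1 (interface MAC assumed to be 0011.1111.1111, constructed value)
interface FastEthernet0/0
 ip address 192.168.192.1 255.255.255.0
 standby 1 ip 192.168.192.254
 ! Virtual MAC = R1's own interface MAC, without "standby use-bia"
 standby 1 mac-address 0011.1111.1111
!
! ---- R2 (interface MAC assumed to be 0022.2222.2222, constructed value)
interface FastEthernet0/0
 ip address 192.168.192.2 255.255.255.0
 standby 1 ip 192.168.192.254
 standby 1 mac-address 0022.2222.2222
!
! ---- sw: one secure MAC per port, so no address is ever secured on two ports
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 192
 switchport port-security
 switchport port-security maximum 1
 ! Static entry is stored in the configuration
 switchport port-security mac-address 0011.1111.1111
!
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 192
 switchport port-security
 switchport port-security maximum 1
 ! Sticky alternative: the learned address is written into running-config
 switchport port-security mac-address sticky
```

Both static and sticky entries survive a reload only after the running configuration is saved to startup-config. On failover the gateway's MAC changes from R1's to R2's, and hosts pick up the new mapping from the gratuitous ARP sent by the new active router.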