From: Quetta Walla (quetta_1@lycos.com)
Date: Sat Feb 25 2006 - 11:08:01 GMT-3
Virtual mac is 0000.0c07.ac00. So even if hardcode it on both r1 and r2, again the switch is going to learn the same mac 0000.0c07.ac00 on 2 different ports or ports that are in the same broadcast domain...even if r1 is connected to sw1 and r2 to sw2 in the same vlan...it's still the same case...ping stops when HSRP active router changes...
With sticky option, it will work only till the active router changes...because then the port is going to learn the same virtual mac on the port that just became HSRP active, right?
With sw port-security aging static...the min aging time is 1 min.
Any comments...
> ----- Original Message -----
> From: "Ice Fire" <fire_ice@verizon.net>
> To: "'Quetta Walla'" <quetta_1@lycos.com>, ccielab@groupstudy.com
> Subject: RE: HSRP and sw port-security
> Date: Fri, 24 Feb 2006 12:40:05 -0500
>
>
> Why not hard code the virtual mac (HSRP) of R1 as the physical of R1 and the
> virtual mac (HSRP) of R2 as the physical of R2. This way the ports of the
> switch will only see one mac-address even if the ip-address hops from R1 to
> R2. The Mac will change, but traffic will still flow.
>
>
>
> Ice Fire
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Quetta Walla
> Sent: Friday, February 24, 2006 1:55 AM
> To: ccielab@groupstudy.com
> Subject: HSRP and sw port-security
>
> If router R1 and R2 are connected to ports f0/1 and f0/2 of sw respectively.
> R1 and R2 have HSRP enabled on these ports. Now the requirement is also to
> configure port-security on port f0/1 and port f0/2 of the switch which
> should accept only mac-addresses of these routers and can survive a reboot.
> Do not use bia command.
>
> sw
> int f0/1
> sw mo access
> sw access vlan 192
> sw port-security
> sw port-security max 2
>
>
> maximum 2 is to accommodate the virtual mac-add used by HSRP.
>
> Question is, should the mac-address of R1 be hard coded on f0/1 of sw and of
> R2's on f0/2 of sw. Then what about the virtual mac used by HSRP because 2
> similar mac-add cannot be hardcoded on 2 ports of the same switch. This has
> to be done without using bia command.
>
> Thanks
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
--
This archive was generated by hypermail 2.1.4 : Wed Mar 01 2006 - 11:28:18 GMT-3
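
The failure mode discussed in this thread, as an added example that is not part of the original messages: a simplified Python model of a port-security address table, showing the HSRP virtual MAC being rejected on f0/2 after failover until the entry on f0/1 ages out. Assumptions: aging is modelled as inactivity-based, the router MACs are constructed, violation handling is reduced to a returned string, and the class and function names are hypothetical.

```python
# Simplified model of switch port-security, written for illustration only.
HSRP_VMAC = "0000.0c07.ac00"   # virtual MAC quoted in the thread
R1_MAC = "0000.0000.0001"      # constructed router addresses
R2_MAC = "0000.0000.0002"


class SecureVlan:
    """Secure-address table shared by the secure ports of one VLAN."""

    def __init__(self, maximum=2, aging_min=None):
        self.maximum = maximum        # 'sw port-security max 2' in the thread
        self.aging_min = aging_min    # None = entries never age (sticky case)
        self.table = {}               # mac -> [owning port, minute last seen]

    def _expire(self, now):
        # Assumption: an entry is dropped after aging_min minutes of inactivity.
        if self.aging_min is not None:
            self.table = {m: e for m, e in self.table.items()
                          if now - e[1] < self.aging_min}

    def frame(self, port, src, now):
        """Return what the switch does with a frame from `src` on `port`."""
        self._expire(now)
        entry = self.table.get(src)
        if entry and entry[0] != port:
            return "violation"        # already secure on another port
        if entry is None:
            if sum(e[0] == port for e in self.table.values()) >= self.maximum:
                return "violation"    # port already holds `maximum` addresses
            self.table[src] = [port, now]
            return "learned"
        entry[1] = now                # refresh the inactivity timer
        return "forward"


def failover(aging_min):
    """R1 is HSRP active through minute 4.5, then R2 takes over on f0/2."""
    sw = SecureVlan(maximum=2, aging_min=aging_min)
    for half in range(10):            # steady state, one frame every 30 s
        t = half / 2
        sw.frame("f0/1", R1_MAC, t)
        sw.frame("f0/1", HSRP_VMAC, t)
        sw.frame("f0/2", R2_MAC, t)
    # R2 becomes active and sources the virtual MAC at 5.0, 5.5 and 6.0 min.
    return [sw.frame("f0/2", HSRP_VMAC, t) for t in (5.0, 5.5, 6.0)]
```

`failover(None)` models the sticky case and `failover(1)` the one-minute aging case raised in the thread.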