Port-security with HSRP

From: Schulz, Dave (DSchulz@dpsciences.com)
Date: Fri Mar 24 2006 - 16:24:21 GMT-3


I was working through some different solutions for port-security with
HSRP. If there is a requirement to lock down a specific port connected
to a router that is running HSRP, I see two different solutions.

The first one is to use the command "standby use-bia" and force the
router to use the BIA (or configured MAC for the virtual IP). Or, we
can also use the following (adding a second MAC to the switchport
config), as below:

Current configuration : 304 bytes
!
interface FastEthernet0/1
 switchport access vlan 10
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security mac-address sticky
 switchport port-security mac-address 0000.0c07.ac01 <- router mac-address
 switchport port-security mac-address sticky 0008.a3fc.a661 <- virtual mac-address assigned by HSRP
end

Any reason why each of these would not be valid?

Also, it appears that we can statically configure the MAC, or use the
sticky option (and save the config), depending on the requirements.

Dave Schulz

Email: dschulz@dpsciences.com
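
Added example, not part of the original post: a small Python check that reads a port-security stanza like the one above, recognises the well-known HSRP virtual MAC formats (0000.0c07.acXX for HSRPv1, 0000.0c9f.fXXX for HSRPv2), and reports whether the configured maximum leaves room for both the virtual MAC and the router's own MAC. The function names and both sample stanzas are constructed for illustration.

```python
import re

# Well-known HSRP virtual MAC formats; the trailing hex digits are the group number.
HSRP = {1: re.compile(r"0000\.0c07\.ac([0-9a-f]{2})$"),
        2: re.compile(r"0000\.0c9f\.f([0-9a-f]{3})$")}
MAC_LINE = re.compile(r"switchport port-security mac-address (sticky )?"
                      r"([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\b", re.I)
MAX_LINE = re.compile(r"switchport port-security maximum (\d+)")

def hsrp_group(mac):
    """Return (version, group) if mac is an HSRP virtual MAC, else None."""
    for version, pattern in HSRP.items():
        m = pattern.match(mac.lower())
        if m:
            return version, int(m.group(1), 16)
    return None

def audit(stanza):
    """Check one interface stanza; return secured MACs and any issues found."""
    enabled, maximum, macs = False, 1, []      # IOS default maximum is 1
    for line in (raw.strip() for raw in stanza.splitlines()):
        if line == "switchport port-security":
            enabled = True
        elif m := MAX_LINE.match(line):
            maximum = int(m.group(1))
        elif m := MAC_LINE.match(line):        # trailing "<- note" text is ignored
            macs.append((m.group(2).lower(), "sticky" if m.group(1) else "static"))
    virtual = [mac for mac, _ in macs if hsrp_group(mac)]
    issues = []
    if not enabled:
        issues.append("port-security is not enabled")
    if len(macs) > maximum:
        issues.append(f"{len(macs)} secure MACs exceed maximum {maximum}")
    if virtual and maximum < len(virtual) + 1:
        issues.append("no room left for the router's own MAC")
    if not virtual:
        issues.append("no well-known HSRP virtual MAC secured "
                      "(expected only with 'standby use-bia')")
    return {"maximum": maximum, "macs": macs, "virtual": virtual, "issues": issues}

# Constructed samples: the two-MAC stanza from the post, and a one-MAC use-bia port.
TWO_MAC = """ switchport port-security
 switchport port-security maximum 2
 switchport port-security mac-address 0000.0c07.ac01
 switchport port-security mac-address sticky 0008.a3fc.a661
"""
USE_BIA = """ switchport port-security
 switchport port-security mac-address sticky 0008.a3fc.a661
"""
```

Calling audit(TWO_MAC) returns an empty issues list; audit(USE_BIA) returns a single entry noting that the port only works if the router runs "standby use-bia".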



This archive was generated by hypermail 2.1.4 : Sat Apr 01 2006 - 10:07:40 GMT-3