From: Alexei Monastyrnyi (alexeim@orcsoftware.com)
Date: Fri Mar 24 2006 - 17:58:34 GMT-3
They usually give you a sign of what to choose, saying "not use BIA" or
something along those lines.
A.
----- Original Message -----
From: "Schulz, Dave" <DSchulz@dpsciences.com>
To: <ccielab@groupstudy.com>
Sent: Friday, March 24, 2006 8:24 PM
Subject: Port-security with HSRP
> I was working through some different solutions with port-security with
> HSRP. If there is a requirement to lock down a specific port connected
> to a router that is running HSRP, I see two different solutions.
>
> First one being, to put the command "standby use-bia" and force the
> router to use the bia (or configured mac for the virtual ip). Or, we
> can also use the following (adding a second mac to the switchport
> config). As below....
>
> Current configuration : 304 bytes
> !
> interface FastEthernet0/1
> switchport access vlan 10
> switchport mode access
> switchport port-security
> switchport port-security maximum 2
> switchport port-security mac-address sticky
> switchport port-security mac-address 0000.0c07.ac01 <- router mac-address
> switchport port-security mac-address sticky 0008.a3fc.a661 <- virtual mac-address assigned by HSRP
> end
>
> Any reason why each of these would not be valid?
>
> Also, it appears that we can statically configure the mac, or, use the
> sticky (and save the config)....depending on the requirements.
>
>
> Dave Schulz
>
> Email: dschulz@dpsciences.com
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
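
An added example, not part of the original thread: a Python check that reads an interface block like the one quoted above and reports whether port-security leaves room for the MAC addresses an HSRP router presents, with and without "standby use-bia". It assumes HSRP version 1 (virtual MAC 0000.0c07.acXX, XX being the group number in hex) and the IOS default of one secure address when no maximum is set; the name `audit_port` and the second sample are constructed for illustration.

```python
import re

MAC = r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}"
SECURE_MAC = re.compile(rf"^switchport port-security mac-address (?:sticky )?({MAC})\b", re.I)
MAXIMUM = re.compile(r"^switchport port-security maximum (\d+)$")
# Assumption: HSRP version 1, virtual MAC 0000.0c07.acXX (XX = group number in hex).
HSRP_V1 = re.compile(r"^0000\.0c07\.ac([0-9a-f]{2})$")

# Interface block from the post, with the "<-" annotations dropped.
POSTED = """\
interface FastEthernet0/1
 switchport access vlan 10
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security mac-address sticky
 switchport port-security mac-address 0000.0c07.ac01
 switchport port-security mac-address sticky 0008.a3fc.a661
"""
# Constructed sample: one secure MAC and no "maximum" line.
SINGLE_MAC = """\
interface FastEthernet0/2
 switchport mode access
 switchport port-security
 switchport port-security mac-address 0008.a3fc.a661
"""

def audit_port(config: str, use_bia: bool) -> dict:
    """use_bia: True when the attached router runs "standby use-bia"."""
    enabled, maximum, macs = False, 1, []  # IOS allows 1 secure MAC by default
    for line in (raw.strip() for raw in config.splitlines()):
        if line == "switchport port-security":
            enabled = True
        elif m := MAXIMUM.match(line):
            maximum = int(m.group(1))
        elif m := SECURE_MAC.match(line):
            macs.append(m.group(1).lower())
    groups = [int(h.group(1), 16) for h in map(HSRP_V1.match, macs) if h]
    needed = 1 if use_bia else 2  # interface MAC only, or interface MAC + virtual MAC
    findings = []
    if not enabled:
        findings.append("port-security is not enabled")
    if maximum < needed:
        findings.append(f"maximum {maximum} is below the {needed} MACs the router presents")
    if len(macs) > maximum:
        findings.append(f"{len(macs)} secure MACs configured but maximum is {maximum}")
    if not use_bia and macs and not groups:
        findings.append("no HSRP virtual MAC among the secure addresses")
    return {"maximum": maximum, "macs": macs, "hsrp_groups": groups, "findings": findings}
```
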
This archive was generated by hypermail 2.1.4 : Sat Apr 01 2006 - 10:07:40 GMT-3