RE: HSRP + PORT SECURITY

From: Schulz, Dave (DSchulz@dpsciences.com)
Date: Wed Apr 05 2006 - 16:38:58 GMT-3


I believe that we had a discussion on this same item a couple of weeks
back. You can do this a couple ways, depending on the requirements
(sorry, if this was already stated).....

First one being, to put the command "standby use-bia" and force the
router to use the bia (or configured mac for the virtual ip). Or, we
can also use the following (adding a second mac to the switchport
config). As below....

Current configuration : 304 bytes
!
interface FastEthernet0/1
 switchport access vlan 10
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security mac-address sticky
 switchport port-security mac-address 0000.0c07.ac01 <- router mac-address
 switchport port-security mac-address sticky 0008.a3fc.a661 <- virtual mac-address assigned by HSRP
end

Dave Schulz,
Email: dschulz@dpsciences.com
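
An added example, not part of the original thread: a small Python check of whether a secured access port facing an HSRP router has room for every source MAC that router will use, with and without "standby use-bia". Assumptions: HSRP version 1, whose well-known virtual MAC format is 0000.0c07.acXX (XX = group number in hex), the IOS default port-security maximum of 1, hypothetical function names, and constructed sample stanzas with a made-up BIA.

```python
import re
MAC_RE = re.compile(r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}")

def hsrp_v1_vmac(group):
    """HSRP version 1 virtual MAC: 0000.0c07.acXX, XX = group number in hex."""
    if not 0 <= group <= 255:
        raise ValueError("HSRPv1 group must be 0-255")
    return f"0000.0c07.ac{group:02x}"

def parse_port_security(stanza):
    """Pull port-security state out of one interface stanza."""
    state = {"enabled": False, "maximum": 1, "macs": set()}  # IOS default maximum is 1
    for raw in stanza.splitlines():
        line = raw.strip().lower()
        if line == "switchport port-security":
            state["enabled"] = True
        elif m := re.match(r"switchport port-security maximum (\d+)", line):
            state["maximum"] = int(m.group(1))
        elif line.startswith("switchport port-security mac-address"):
            mac = MAC_RE.search(line)
            if mac:  # a bare "mac-address sticky" line carries no address
                state["macs"].add(mac.group())
    return state

def audit(stanza, router_bia, group, use_bia=False):
    """Findings for a secured access port that faces one HSRP router."""
    ps = parse_port_security(stanza)
    if not ps["enabled"]:
        return []
    # The router sources frames from its BIA and, when active, from the
    # virtual MAC too, unless "standby use-bia" is configured.
    needed = {router_bia.lower()}
    if not use_bia:
        needed.add(hsrp_v1_vmac(group))
    findings = []
    if ps["maximum"] < len(needed):
        findings.append(f"maximum {ps['maximum']} is below the {len(needed)} source MACs expected")
    missing = sorted(needed - ps["macs"])
    if missing and len(ps["macs"]) >= ps["maximum"]:
        findings += [f"{mac} not allowed and the secure list is full" for mac in missing]
    return findings

# Constructed sample stanzas; the BIA 0011.2233.4455 is made up.
TOO_TIGHT = """interface FastEthernet0/1
 switchport port-security
 switchport port-security mac-address 0011.2233.4455"""
ROOM_FOR_BOTH = TOO_TIGHT + """
 switchport port-security maximum 2
 switchport port-security mac-address 0000.0c07.ac01"""
```

Calling `audit(TOO_TIGHT, "0011.2233.4455", 1)` reports two findings, while the same stanza with `use_bia=True`, or `ROOM_FOR_BOTH` without it, reports none.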

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Leigh Harrison
Sent: Wednesday, April 05, 2006 4:12 AM
To: KC
Cc: Chris Lewis; Group Study (E-mail)
Subject: Re: HSRP + PORT SECURITY

Hey there KC,

I've done this a few times. Rather than use sticky mac, I found it was
much better to type in the mac addresses for the ports and the virtual
one.

LH

KC wrote:
> Very strange to me, I requested 3 times to people to give me the config. of
> HSRP Routers and Switch, but no one responded to me with the right solution. What
> happened to you guys, I am stuck, help me, this is I guess the last
> question I am asking before lab
>
> On 4/4/06, KC <kanwal.chawla@gmail.com> wrote:
>
>> Hey Guys
>>
>> Whenever I configure this thing on one of Switchport, my both routers HSRP
>> came up in Active states, no one is going standby
>> switchport access vlan 10
>> switchport mode access
>> switchport port-security
>> switchport port-security maximum 2
>> switchport port-security mac-address sticky
>> switchport port-security mac-address sticky 0000.0c07.ac01
>> mac-address
>> switchport port-security mac-address sticky 0008.a3fc.a661
>>
>>
>> On 4/4/06, Chris Lewis <chrlewiscsco@gmail.com> wrote:
>>
>>> KC, I believe the answer to your question will only be found in the
>>> exact wording of the question, which can take many, many forms.
>>>
>>> If you use BIA there will only be one MAC address associated with each
>>> port, the downside of this is that traffic will be dropped as the switch
>>> moves that MAC address from one port to another. You can test this easily
>>> with an extended ping to the HSRP address, or to an address that is only
>>> reachable via the HSRP setup.
>>>
>>> Remember the lab has nothing to do with what makes sense from a
>>> deployment perspective, it is only testing you on your ability to configure
>>> the equipment to do exactly what the question asks.
>>>
>>> Chris
>>>
>>> On 4/4/06, KC < kanwal.chawla@gmail.com> wrote:
>>>
>>>
>>>> Hey Guys,
>>>>
>>> I know this question has been discussed lots of times, but I just have one
>>> doubt. If we use the (standby use-bia) command in HSRP with Port security,
>>>
>>> Router will use its burnt-in address rather than the typical HSRP virtual
>>> address. The problem is whenever the standby router becomes active,
>>> the virtual mac_Address will be moved to a different router. Will it be
>>> acceptable in Lab ??? Will the second router become active and the failed router
>>> become standby ???
>>>
>>> Any inputs please, I am clarifying because after 2 days I have a lab :D
>>>
>>>



This archive was generated by hypermail 2.1.4 : Mon May 01 2006 - 11:41:56 GMT-3