From: Popgeorgiev Nikolay (nikolay.popgeorgiev@siemens.com)
Date: Wed Jun 28 2006 - 03:43:15 ART
Hello group,
I know that this topic had been discussed a lot. I had already read all posts about this topic and still no clear answer to the simple question:
How to use port-security together with HSRP without using USE-BIA.
There were some answers to the question which advices to allow on the switch two mac addresses instead of one and to write both the interface and the virtual mac address of the routers
but the switch says that the same MAC address is already been used. And this is absolutely normal. So this is not an option.
What about using this kind of solution ?
R1
interface FastEthernet0/0
ip address 1.1.1.10 255.255.255.0
standby 1 ip 1.1.1.1
standby 1 priority 120
standby 1 preempt
standby 1 mac-address 4000.1000.1061
R2
interface FastEthernet0/0
ip address 1.1.1.20 255.255.255.0
duplex auto
speed auto
standby 1 ip 1.1.1.1
standby 1 preempt
standby 1 mac-address 4000.1000.1060
SW
interface FastEthernet0/2
switchport access vlan 101
switchport mode access
switchport port-security maximum 2
switchport port-security
switchport port-security violation restrict
switchport port-security mac-address sticky
switchport port-security mac-address sticky 0016.c876.44e8
switchport port-security mac-address sticky 4000.1000.1060
!
interface FastEthernet0/5
switchport access vlan 101
switchport mode access
switchport port-security maximum 2
switchport port-security
switchport port-security violation restrict
switchport port-security mac-address sticky
switchport port-security mac-address sticky 0016.c876.6200
switchport port-security mac-address sticky 4000.1000.1061
Please guys tell me what do you think ?
Best,
Nick
This archive was generated by hypermail 2.1.4 : Sat Jul 01 2006 - 07:57:33 ART