From: Tony Paterra (apaterra@gmail.com)
Date: Wed Sep 20 2006 - 23:40:49 ART
I was playing with a lab and came across one of those dependent
"gotchas" with HSRP and port-security. I'm trying to minimize the
number of port-security mac-addresses on the switch and still enable
HSRP to function properly.
2 questions...
1.) I am unable to allow the virtual mac-address on both switchports
as it gives me an error... How can I account for the Active router
going down and the Standby picking it up?
SW1#
interface GigabitEthernet0/1
 switchport access vlan 99
 switchport mode access
 switchport port-security maximum 2
 switchport port-security
 switchport port-security mac-address <virtual mac-address>
interface GigabitEthernet0/2
 switchport access vlan 99
 switchport mode access
 switchport port-security maximum 2
 switchport port-security
 switchport port-security mac-address <virtual mac-address>
ERROR: Found duplicate mac-address 0000.0c07.ac01.
2.) Outside of use-bia, is there something I'm missing here? The
best way I see to do this is to put static allows in for the BIA on
the interfaces and one sticky for the virtual. Should I be playing
with the timers for port-security or mac-address-table aging?
Thanks in advance,
-- Tony Paterra apaterra@gmail.com
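
An added example, not part of the original post: a small Python check that scans a switch configuration for the condition behind the error above, the same static secure MAC set on more than one port in a VLAN, and decodes the HSRPv1 group from the 0000.0c07.acXX virtual MAC. The function names are hypothetical, the sample is constructed from the posted config, and it assumes the switch enforces uniqueness per VLAN.

```python
import re
from collections import defaultdict

# Constructed sample: the posted config with the MAC from the error message.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport access vlan 99
 switchport mode access
 switchport port-security maximum 2
 switchport port-security
 switchport port-security mac-address 0000.0c07.ac01
interface GigabitEthernet0/2
 switchport access vlan 99
 switchport mode access
 switchport port-security maximum 2
 switchport port-security
 switchport port-security mac-address 0000.0c07.ac01
"""

HSRP_V1 = re.compile(r"^0000\.0c07\.ac([0-9a-f]{2})$")
STATIC_MAC = re.compile(r"switchport port-security mac-address ((?:[0-9a-fA-F]{4}\.){2}[0-9a-fA-F]{4})$")

def hsrp_group(mac):
    """Return the HSRPv1 group number encoded in a virtual MAC, else None."""
    m = HSRP_V1.match(mac.lower())
    return int(m.group(1), 16) if m else None

def duplicate_secure_macs(config):
    """Map (vlan, mac) -> interfaces for static secure MACs set on >1 port."""
    ports, cur = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            cur = ports.setdefault(line.split(None, 1)[1], {"vlan": 1, "macs": []})
        elif cur is not None and line.startswith("switchport access vlan "):
            cur["vlan"] = int(line.split()[-1])
        elif cur is not None and (m := STATIC_MAC.match(line)):
            cur["macs"].append(m.group(1).lower())
    seen = defaultdict(list)
    for name, port in ports.items():  # group after parsing so line order is irrelevant
        for mac in port["macs"]:
            seen[(port["vlan"], mac)].append(name)
    return {key: names for key, names in seen.items() if len(names) > 1}

if __name__ == "__main__":
    for (vlan, mac), names in duplicate_secure_macs(SAMPLE_CONFIG).items():
        group = hsrp_group(mac)
        note = f" (HSRPv1 virtual MAC, group {group})" if group is not None else ""
        print(f"VLAN {vlan}: {mac}{note} is static on {', '.join(names)}")
```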