Re: HSRP and port-security...

From: Radoslav Vasilev (deckland@gmail.com)
Date: Thu Sep 21 2006 - 10:38:47 ART

• Next message: Brad Ellis: "Re: ccie voice Lab equipment"
• Previous message: Peter Cresswell: "Lab Date in Brussels"
• Maybe in reply to: Tony Paterra: "HSRP and port-security..."
• Next in thread: Tony Paterra: "Re: HSRP and port-security..."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi Tony,

Rack1SW1(config-if)#switchport port-security mac-address 0015.c678.6a98
Found duplicate mac-address 0015.c678.6a98.

Rack1SW1(config-if)#do clear mac-addr dynamic
Rack1SW1(config-if)#switchport port-security mac-address 0015.c678.6a98

interface GigabitEthernet1/0/6
 switchport access vlan 5
 switchport mode access
 switchport port-security
 switchport port-security mac-address 0015.c678.6a98
 shutdown

Rack1SW1(config)#int gi 1/0/6
Rack1SW1(config-if)#no shu
Rack1SW1(config-if)#no shutdown

On 9/21/06, Tony Paterra <apaterra@gmail.com> wrote:
> I was playing with a lab and came across one of those dependant
> "gotchas" with HSRP and port-security. I'm trying to minimize the
> number of port-security mac-addresses on the switch and still enable
> HSRP to function properly.
>
> 2 questions...
>
> 1.) I am unable to allow the virtual mac-address on both switchports
> as it gives me an error... How can I account for the Active router
> going down and the Standby picking it up?
>
> SW1#
> interface GigabitEthernet0/1
> switchport access vlan 99
> switchport mode access
> switchport port-security maximum 2
> switchport port-security
> switchport port-security mac-address <virtual mac-address>
>
> interface GigabitEthernet0/2
> switchport access vlan 99
> switchport mode access
> switchport port-security maximum 2
> switchport port-security
> switchport port-security mac-address <virtual mac-address>
>
> ERROR: Found duplicate mac-address 0000.0c07.ac01.
>
>
> 2.) Outside of use-bia, is there something I'm missing here? The
> best way I see to do this is to put static allow's in for the BIA on
> the interfaces and one sticky for the virtual. Should I be playing
> with the timers for port-security or mac-address-table aging?
>
>
> Thanks in advance,
> --
> Tony Paterra
> apaterra@gmail.com
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Brad Ellis: "Re: ccie voice Lab equipment"
• Previous message: Peter Cresswell: "Lab Date in Brussels"
• Maybe in reply to: Tony Paterra: "HSRP and port-security..."
• Next in thread: Tony Paterra: "Re: HSRP and port-security..."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Oct 01 2006 - 16:55:41 ART