RE: HSRP and Port Security

From: Antonio Soares (amsoares@netcabo.pt)
Date: Fri Mar 02 2007 - 08:31:48 ART

• Next message: Cacca Mucca: "Re: HSRP and Port Security"
• Previous message: Dwi C Taniel: "RE: BGP Conditional Advertising - Bug?"
• Maybe in reply to: Antonio Soares: "HSRP and Port Security"
• Next in thread: Cacca Mucca: "Re: HSRP and Port Security"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hello Thomas,

Yes, I'm using the defaults. The problem occurs when the active router
changes. When this occurs, the stand-by mac is seen in two different ports
on the switch and the switch reports Port Security violation. This makes
sense but if you are not allowed to use "standby use-bia", which options do
we have ? I tried using another HSRP mac but the problem is the same:

+++++++++++++++++++
Rack1SW2(config-if)#
10:40:43: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa1/0/4,
putting Fa1/0/4 in err-disable state
10:40:43: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred,
caused by MAC address 0000.1111.2222 on port FastEthernet1/0/4.
10:40:44: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0/4,
changed state to down
10:40:45: %LINK-3-UPDOWN: Interface FastEthernet1/0/4, changed state to down
+++++++++++++++++++

Thanks.
Antonio

-----Original Message-----
From: Thomas.W.Johnson@chase.com [mailto:Thomas.W.Johnson@chase.com]
Sent: sexta-feira, 2 de Margo de 2007 3:10
To: osuphd2b@yahoo.com; amsoares@netcabo.pt; ccielab@groupstudy.com
Subject: RE: HSRP and Port Security

Are using the default HSRP MAC address? And port-security keeps
err-disabling the ports?

It is a security violation when one of these situations occurs:

*The maximum number of secure MAC addresses have been added to the address
table, and a station whose MAC address is not in the address table attempts
to access the interface.

*An address learned or configured on one secure interface is seen on another
secure interface in the same VLAN.

So, you have two options. Use the standby use-bia command or use the
standby mac-address command.

Hope that helps.

Thomas Johnson
JP Morgan Chase
Global Network Implementation

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
James Russell
Sent: Thursday, March 01, 2007 8:04 PM
To: Antonio Soares; ccielab@groupstudy.com
Subject: Re: HSRP and Port Security

I have set up a similar lab, and I am not having this problem. Since this
is my first post, I will refrain from sticking my configs in here.

Antonio Soares <amsoares@netcabo.pt> wrote: Hello GS,

I'm having problems understanding why HSRP does not seem to work with Port
Security. R4 and R6 are running HSRP and are connected to SW2 F1/0/4 and
F1/0/6 respectively. Here are the configs: <original message truncated>
 
---------------------------------
Never miss an email again!
Yahoo! Toolbar alerts you the instant new Mail arrives. Check it out.

• Next message: Cacca Mucca: "Re: HSRP and Port Security"
• Previous message: Dwi C Taniel: "RE: BGP Conditional Advertising - Bug?"
• Maybe in reply to: Antonio Soares: "HSRP and Port Security"
• Next in thread: Cacca Mucca: "Re: HSRP and Port Security"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Apr 01 2007 - 06:35:49 ART