Re: port security question

From: Tarun Pahuja (pahujat@gmail.com)
Date: Mon Nov 05 2007 - 15:48:49 ART

• Next message: Joseph Brunner: "RE: Any way to force OSPF DR other than "priority 0"?"
• Previous message: shiran guez: "Re: ospf virtual-link over totally stubby area"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Joe,

If sticky learning is disabled, the sticky secure MAC addresses are
converted to dynamic secure addresses and are removed from the running
configuration.

HTH,
Tarun

On 10/30/07, Joseph Brunner <joe@affirmedsystems.com> wrote:
>
> I was reviewing on the IPEXPERT labs and I lead my studies into a further
> question.
>
>
>
> We all know this is a port with both port security and HSRP configured
> using
> sticky learning.
>
>
>
>
>
> interface GigabitEthernet0/1
>
> switchport mode access
>
> switchport port-security maximum 2
>
> switchport port-security
>
> switchport port-security mac-address sticky
>
> switchport port-security mac-address sticky 0000.0c07.ac01
>
> switchport port-security mac-address sticky 001a.6d06.10b8
>
> end
>
>
>
>
>
> The question I had was how do we ONLY allow the physical address (assume
> it
> the first address learned to be sticky) and the second mac that is learned
> later (the hsrp address) to be ONLY known as a dynamic static secure
> address
> (i.e. it will NOT become part of the config, etc)
>
>
>
> Thanks,
>
>
>
> Joe
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Joseph Brunner: "RE: Any way to force OSPF DR other than "priority 0"?"
• Previous message: shiran guez: "Re: ospf virtual-link over totally stubby area"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Dec 01 2007 - 06:37:28 ART