Re: sticky MAC security!

From: ccie girl (ccieangel@googlemail.com)
Date: Mon Apr 07 2008 - 09:34:54 ART

• Next message: Z Linux: "LAB STrategy...Views"
• Previous message: ccie girl: "RE: sticky MAC security!"
• Maybe in reply to: ccie girl: "sticky MAC security!"
• Next in thread: Atanas Yankov: "Re: sticky MAC security!"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Yet again Antonio comes up trumps! The 'standby use-bia' command was missing
from the router interface that the port security on the 3750 was supposed to
target. Without this I guess the port was seeing at least two MACs on start
up and going straight to err-disable.

On 4/7/08, Antonio Soares <amsoares@netcabo.pt> wrote:
>
> I see two options:
>
> - "standby use-bia"
> - "standby mac-address xxxx.xxxx.xxxx"
>
>
> Regards,
>
> Antonio Soares
> CCIE #18473 (R&S),CCNP,CCIP
> JNCIA-ER,JNCIS-ER
> http://pwp.netcabo.pt/amsoares/
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Patrick Galligan
> Sent: segunda-feira, 7 de Abril de 2008 2:35
> To: ccie girl
> Cc: Cisco certification
> Subject: Re: sticky MAC security!
>
> On Mon, Apr 7, 2008 at 9:20 AM, ccie girl <ccieangel@googlemail.com>
> wrote:
> > Hi guys
> >
> > Anyone up that can help me with this ?
> >
> > I am trying to configure port security on a 3750 like this:-
> >
> > interface GigabitEthernet1/0/5
> > switchport access vlan 567
> > switchport mode access
> > switchport port-security
> > switchport port-security mac-address sticky
> > switchport port-security mac-address 0008.2196.1341 - this is the
> > MAC of my router f0/1 port diretly connected.
> >
> > But this doesn't work as I have HSRP configured between this router
> > f0/1 port and another. The only MAC address that works is the standby
> > virtual MAC address.
> >
>
> If you increase the max addresses for that port, it will work.
> However, when the HSRP virtual IP moves to your backup router, it's MAC
> address will still be assigned to g1/0/5, just like a static MAC entry. So
> clients won't be able to talk to the default gateway anymore.
>
> If anyone knows a way of making this work, please speak up :)
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Z Linux: "LAB STrategy...Views"
• Previous message: ccie girl: "RE: sticky MAC security!"
• Maybe in reply to: ccie girl: "sticky MAC security!"
• Next in thread: Atanas Yankov: "Re: sticky MAC security!"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu May 01 2008 - 08:25:50 ART