Re: sticky MAC security!

From: Atanas Yankov (xdsgrrr@consultcommerce.com)
Date: Mon Apr 07 2008 - 09:59:37 ART


This command, standby use-bia, tells the router or switch to use its own
burnt-in MAC address instead of the default range of HSRP addresses for the
virtual IP address, so if you use this command you will see only one MAC
address on the other side; on the other hand, you will see 2 MAC addresses
if you do not use it.
br,
Atanas Yankov

On Mon, 2008-04-07 at 13:34 +0100, ccie girl wrote:
> Yet again Antonio comes up trumps! The 'standby use-bia' command was missing
> from the router interface that the port security on the 3750 was supposed to
> target. Without this I guess the port was seeing at least two MACs on start
> up and going straight to err-disable.
>
> On 4/7/08, Antonio Soares <amsoares@netcabo.pt> wrote:
> >
> > I see two options:
> >
> > - "standby use-bia"
> > - "standby mac-address xxxx.xxxx.xxxx"
> >
> >
> > Regards,
> >
> > Antonio Soares
> > CCIE #18473 (R&S),CCNP,CCIP
> > JNCIA-ER,JNCIS-ER
> > http://pwp.netcabo.pt/amsoares/
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> > Patrick Galligan
> > Sent: Monday, 7 April 2008 2:35
> > To: ccie girl
> > Cc: Cisco certification
> > Subject: Re: sticky MAC security!
> >
> > On Mon, Apr 7, 2008 at 9:20 AM, ccie girl <ccieangel@googlemail.com>
> > wrote:
> > > Hi guys
> > >
> > > Anyone up that can help me with this ?
> > >
> > > I am trying to configure port security on a 3750 like this:-
> > >
> > > interface GigabitEthernet1/0/5
> > > switchport access vlan 567
> > > switchport mode access
> > > switchport port-security
> > > switchport port-security mac-address sticky
> > > switchport port-security mac-address 0008.2196.1341 - this is the
> > > MAC of my router f0/1 port directly connected.
> > >
> > > But this doesn't work as I have HSRP configured between this router
> > > f0/1 port and another. The only MAC address that works is the standby
> > > virtual MAC address.
> > >
> >
> > If you increase the max addresses for that port, it will work.
> > However, when the HSRP virtual IP moves to your backup router, its MAC
> > address will still be assigned to g1/0/5, just like a static MAC entry. So
> > clients won't be able to talk to the default gateway anymore.
> >
> > If anyone knows a way of making this work, please speak up :)
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
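
The behaviour discussed in this thread, as an added example that is not part of any of the original messages: a simplified Python model of a port-security port (sticky learning, violation mode shutdown) fed the source MACs an active HSRP router sends. The HSRP group number (1, giving virtual MAC 0000.0c07.ac01) and the frame sequence are assumptions; the router MAC is the one quoted in the thread.

```python
from dataclasses import dataclass, field

ROUTER_BIA = "0008.2196.1341"   # router f0/1 burnt-in MAC, from the thread
HSRP_VMAC = "0000.0c07.ac01"    # HSRPv1 virtual MAC; group 1 is an assumption


@dataclass
class SecurePort:
    """Simplified model: sticky learning, violation mode 'shutdown'."""
    maximum: int = 1
    secure: list = field(default_factory=list)
    state: str = "secure-up"

    def receive(self, src_mac):
        if self.state == "err-disabled":
            return self.state              # port is down, nothing is learned
        if src_mac not in self.secure:
            if len(self.secure) >= self.maximum:
                self.state = "err-disabled"    # one MAC too many: violation
            else:
                self.secure.append(src_mac)    # sticky: kept like a static entry
        return self.state


def active_router_sources(use_bia):
    """Constructed frame sequence from the active router: its own traffic comes
    from the BIA, HSRP traffic from the virtual MAC (the BIA with use-bia)."""
    hsrp_src = ROUTER_BIA if use_bia else HSRP_VMAC
    return [ROUTER_BIA, hsrp_src, ROUTER_BIA]


def run(maximum, use_bia, static=()):
    """Return (port state, secure MAC table) after the router's frames arrive."""
    port = SecurePort(maximum=maximum, secure=list(static))
    for mac in active_router_sources(use_bia):
        port.receive(mac)
    return port.state, port.secure


if __name__ == "__main__":
    print("max 1, no use-bia :", run(1, False, [ROUTER_BIA]))
    print("max 1, use-bia    :", run(1, True, [ROUTER_BIA]))
    print("max 2, no use-bia :", run(2, False))
```

The third case is the caveat raised in the thread: raising the maximum keeps the port up, but the virtual MAC stays pinned to that port after an HSRP failover.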



This archive was generated by hypermail 2.1.4 : Thu May 01 2008 - 08:25:50 ART