Re: sticky MAC security!

From: Gary Duncanson (gary.duncanson@googlemail.com)
Date: Mon Apr 07 2008 - 11:12:49 ART


Antonio is da man!

Always a bit of fun with HSRP

Regards
Gary
----- Original Message -----
From: "ccie girl" <ccieangel@googlemail.com>
To: "Antonio Soares" <amsoares@netcabo.pt>
Cc: "Cisco certification" <ccielab@groupstudy.com>
Sent: Monday, April 07, 2008 1:34 PM
Subject: Re: sticky MAC security!

> Yet again Antonio comes up trumps! The 'standby use-bia' command was missing
> from the router interface that the port security on the 3750 was supposed to
> target. Without this I guess the port was seeing at least two MACs on start
> up and going straight to err-disable.
>
> On 4/7/08, Antonio Soares <amsoares@netcabo.pt> wrote:
>>
>> I see two options:
>>
>> - "standby use-bia"
>> - "standby mac-address xxxx.xxxx.xxxx"
>>
>>
>> Regards,
>>
>> Antonio Soares
>> CCIE #18473 (R&S),CCNP,CCIP
>> JNCIA-ER,JNCIS-ER
>> http://pwp.netcabo.pt/amsoares/
>>
>> -----Original Message-----
>> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
>> Patrick Galligan
>> Sent: Monday, April 7, 2008 2:35
>> To: ccie girl
>> Cc: Cisco certification
>> Subject: Re: sticky MAC security!
>>
>> On Mon, Apr 7, 2008 at 9:20 AM, ccie girl <ccieangel@googlemail.com>
>> wrote:
>> > Hi guys
>> >
>> > Anyone up that can help me with this ?
>> >
>> > I am trying to configure port security on a 3750 like this:-
>> >
>> > interface GigabitEthernet1/0/5
>> > switchport access vlan 567
>> > switchport mode access
>> > switchport port-security
>> > switchport port-security mac-address sticky
>> > switchport port-security mac-address 0008.2196.1341 - this is the
>> > MAC of my router f0/1 port directly connected.
>> >
>> > But this doesn't work as I have HSRP configured between this router
>> > f0/1 port and another. The only MAC address that works is the standby
>> > virtual MAC address.
>> >
>>
>> If you increase the max addresses for that port, it will work.
>> However, when the HSRP virtual IP moves to your backup router, its MAC
>> address will still be assigned to g1/0/5, just like a static MAC entry. So
>> clients won't be able to talk to the default gateway anymore.
>>
>> If anyone knows a way of making this work, please speak up :)
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>



This archive was generated by hypermail 2.1.4 : Thu May 01 2008 - 08:25:50 ART
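
The fix the thread settles on, written out as an added example (not configuration posted by anyone in the thread): the router interface before and after `standby use-bia`, next to the 3750 port from the original question. The HSRP group number, the IP addresses and the full interface name FastEthernet0/1 are assumptions; the switch port lines are the ones quoted above.

```cisco
! Added example. Group number 1 and the 192.0.2.x addresses are constructed.
!
! --- Router f0/1, before -------------------------------------------------
! HSRP uses its own virtual MAC here, so the switch port can learn that
! address in addition to the interface's burned-in address (BIA).
interface FastEthernet0/1
 ip address 192.0.2.2 255.255.255.0
 standby 1 ip 192.0.2.1
!
! --- Router f0/1, after --------------------------------------------------
! use-bia makes HSRP use the interface BIA as the virtual MAC, so the
! switch port only ever sees one source MAC from this router.
interface FastEthernet0/1
 ip address 192.0.2.2 255.255.255.0
 standby 1 ip 192.0.2.1
 standby use-bia
!
! --- 3750 port facing that router (as in the thread) ---------------------
! Default maximum is one secure address, which is now sufficient.
interface GigabitEthernet1/0/5
 switchport access vlan 567
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
!
! --- Checks --------------------------------------------------------------
! On the router:
!   show standby FastEthernet0/1
! On the switch:
!   show port-security interface GigabitEthernet1/0/5
!   show port-security address
!   show interfaces status err-disabled
! A port already in err-disable needs shutdown / no shutdown after the fix.
```

The same change is needed on the second HSRP router and its switch port, so that each port stays bound to the one router physically attached to it after a failover.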