RE: HSRP + Port Security

From: Anderson Alves (mota_anderson@hotmail.com)
Date: Sun May 04 2008 - 20:22:58 ART


You got it; the routers will be updating their ARP table with the same IP
address and a different mac-address. That's where Gratuitous ARP comes into
play.
Try this out, have some fun!!!

Cheers,

Anderson Mota Alves
CCIE3 #16778 (R/S, SP and Security)
Technical Instructor
http://www.netmetric-solutions.com
http://www.andersonalves.net

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Rajakumar Ramasamy
Sent: Monday, May 05, 2008 12:48 AM
To: Anderson Alves
CC: ccielab@groupstudy.com
Subject: Re: HSRP + Port Security

Thanks, Anderson, for your quick response. Does this mean, if the active router
fails, the standby router's mac-address is advertised so that hosts on the
segment will have a new mac-address to reach the default gateway?

On 5/4/08, Anderson Alves <mota_anderson@hotmail.com> wrote:
>
> Hi Rajakumar,
>
> I would definitely change the standby mac-address on both routers to use
> a different mac-address on each one of them.
>
> Example:
>
> R1:
> Int fa0/0
> Standby 1 mac-address 0000.0000.0001
> Standby 1 ip xx.xx.xx.xx
> Standby 1 preempt
>
>
> R2:
> Int fa0/0
> Standby 1 mac-address 0000.0000.0002
> Standby 1 ip xx.xx.xx.xx
> Standby 1 preempt
>
>
> On the switch side, manually configure the new mac-address entries of the
> HSRP.
>
>
>
> HTH,
>
> Anderson Mota Alves
> CCIE3 #16778 (R/S, SP and Security)
> Technical Instructor
> http://www.netmetric-solutions.com
> http://www.andersonalves.net
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Rajakumar Ramasamy
> Sent: Sunday, May 04, 2008 11:45 PM
> To: ccielab@groupstudy.com
> Subject: HSRP + Port Security
>
> Hello,
>
> I know the following methods to enable port-security on interfaces which
> are connected to routers where HSRP is configured.
>
> Option 1:
>
> switchport port-security
> switchport port-security maximum 2
>
> Option 2:
>
> Standby use-bia
>
> switchport port-security
> switchport port-security maximum 1
>
>
> However, instead of using the above options, I am trying the following, since
> my requirement is to retain the mac addresses when a switch reloads. I get a
> duplicate mac-address error message on the switch interface where the Passive
> router is connected.
>
> SW1
>
> switchport port-security
> switchport port-security maximum 2
> switchport port-security mac-address <Active router MAC>
> switchport port-security mac-address <Virtual mac-address>
>
> SW2
>
> switchport port-security
> switchport port-security maximum 2
> switchport port-security mac-address <Passive router MAC>
> switchport port-security mac-address <Virtual mac-address>
>
> Duplicate mac-address found error message. How to resolve the above issue?
>
>
>
> Thanks
>
>



This archive was generated by hypermail 2.1.4 : Mon Jun 02 2008 - 06:59:15 ART