RE: HSRP + Port Security

From: Todd, Douglas M. (DTODD@PARTNERS.ORG)
Date: Mon May 05 2008 - 10:24:12 ART

• Next message: Todd, Douglas M.: "RE: LLQ traffic behavior if no congestion"
• Previous message: Carlos Trujillo: "Re: tail drop"
• Maybe in reply to: Rajakumar Ramasamy: "HSRP + Port Security"
• Next in thread: akyccie: "Re: HSRP + Port Security"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Just one addition:

The standby mac would work fine if you use the bia address of the primary. Just
hope there is not port security on the primary and secondary. I don't think
that this would be a possible solution with one mac address. The same mac can
not live on both phy, hsrp mac is fine.

Anyone else have some solutions to this?

Port security on both primary and secondary hsrp switch interfaces? (1 mac
only).
Just currious.

DMT

-----Original Message-----
From: nobody@groupstudy.com on behalf of Anderson Alves
Sent: Sun 5/4/2008 6:21 PM
To: 'Rajakumar Ramasamy'; ccielab@groupstudy.com
Subject: RE: HSRP + Port Security
 
Hi Rajakumar,

I would definitely change the standby mac-address on both routers to use
different mac-address each one of them.

Example:

R1:
Int fa0/0
Standby 1 mac-address 0000.0000.0001
Standby 1 ip address xx.xx.xx.xx
Standby 1 preempt

R2:
Int fa0/0
Standby 1 mac-address 0000.0000.0002
Standby 1 ip address xx.xx.xx.xx
Standby 1 preempt

On the switches sides, manually configure the new mac-address entries of the
HSRP.

HTH,

Anderson Mota Alves
CCIE3 #16778 (R/S, SP and Security)
Technical Instructor
http://www.netmetric-solutions.com
http://www.andersonalves.net

-----Mensaje original-----
De: nobody@groupstudy.com [mailto:nobody@groupstudy.com] En nombre de
Rajakumar Ramasamy
Enviado el: Sunday, May 04, 2008 11:45 PM
Para: ccielab@groupstudy.com
Asunto: HSRP + Port Security

Hello,

I know the following methods to enable port-security on interfaces, which
are connected to routers where HSRP is configured.

Options 1:

switchport port-security

switchport port-security maximum 2

Option 2

Standby use-bia

switchport port-security

switchport port-security maximum 1

However instead of using the above options, I am trying the following since
my requirement is to retain the mac addresses when a switch reloads. I get
duplicate mac-address error message on the switch interface where Passive
router is connected.

SW1

switchport port-security

switchport port-security maximum 2

switchport port-security mac-address <Active router MAC>

switchport port-security mac-address <Virtual mac-address>

SW2

switchport port-security

switchport port-security maximum 2

switchport port-security mac-address <Passive router MAC>

switchport port-security mac-address <Virtual mac-address>

Duplicate mac-address found error message. How to resolve the above issue?

Thanks

• Next message: Todd, Douglas M.: "RE: LLQ traffic behavior if no congestion"
• Previous message: Carlos Trujillo: "Re: tail drop"
• Maybe in reply to: Rajakumar Ramasamy: "HSRP + Port Security"
• Next in thread: akyccie: "Re: HSRP + Port Security"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Mon Jun 02 2008 - 06:59:15 ART