Re: HSRP + Port Security

From: akyccie (akyccie@gmail.com)
Date: Fri May 23 2008 - 02:53:54 ART


What if you are not allowed to use "standby use-bia" here? Does the
below config work?

SW1
switchport port-security
switchport port-security maximum 2 -----> (router mac + hsrp virtual mac)
switchport port-security mac-address sticky

SW2
switchport port-security
switchport port-security maximum 2 ------> (router mac + hsrp virtual mac)
switchport port-security mac-address sticky

aky

----- Original Message -----
From: "Todd, Douglas M." <DTODD@PARTNERS.ORG>
To: "Anderson Alves" <mota_anderson@hotmail.com>; "Rajakumar Ramasamy"
<crrajakumar@gmail.com>; <ccielab@groupstudy.com>
Sent: Monday, May 05, 2008 6:54 PM
Subject: RE: HSRP + Port Security

> Just one addition:
>
> The standby mac would work fine if you use the bia address of the primary. Just
> hope there is not port security on the primary and secondary. I don't think
> that this would be a possible solution with one mac address. The same mac cannot
> live on both phy, hsrp mac is fine.
>
> Anyone else have some solutions to this?
>
> Port security on both primary and secondary hsrp switch interfaces? (1 mac only).
> Just curious.
>
>
> DMT
>
>
> -----Original Message-----
> From: nobody@groupstudy.com on behalf of Anderson Alves
> Sent: Sun 5/4/2008 6:21 PM
> To: 'Rajakumar Ramasamy'; ccielab@groupstudy.com
> Subject: RE: HSRP + Port Security
>
> Hi Rajakumar,
>
> I would definitely change the standby mac-address on both routers to use
> a different mac-address on each one of them.
>
> Example:
>
> R1:
> Int fa0/0
> Standby 1 mac-address 0000.0000.0001
> Standby 1 ip xx.xx.xx.xx
> Standby 1 preempt
>
> R2:
> Int fa0/0
> Standby 1 mac-address 0000.0000.0002
> Standby 1 ip xx.xx.xx.xx
> Standby 1 preempt
>
>
> On the switch side, manually configure the new mac-address entries of the
> HSRP.
>
>
>
> HTH,
>
> Anderson Mota Alves
> CCIE3 #16778 (R/S, SP and Security)
> Technical Instructor
> http://www.netmetric-solutions.com
> http://www.andersonalves.net
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On behalf of
> Rajakumar Ramasamy
> Sent: Sunday, May 04, 2008 11:45 PM
> To: ccielab@groupstudy.com
> Subject: HSRP + Port Security
>
> Hello,
>
> I know the following methods to enable port-security on interfaces, which
> are connected to routers where HSRP is configured.
>
> Option 1:
>
> switchport port-security
> switchport port-security maximum 2
>
> Option 2:
>
> Standby use-bia
>
> switchport port-security
> switchport port-security maximum 1
>
> However, instead of using the above options, I am trying the following since
> my requirement is to retain the mac addresses when a switch reloads. I get
> a duplicate mac-address error message on the switch interface where the
> Passive router is connected.
>
> SW1
>
> switchport port-security
> switchport port-security maximum 2
> switchport port-security mac-address <Active router MAC>
> switchport port-security mac-address <Virtual mac-address>
>
> SW2
>
> switchport port-security
> switchport port-security maximum 2
> switchport port-security mac-address <Passive router MAC>
> switchport port-security mac-address <Virtual mac-address>
>
> Duplicate mac-address found error message. How to resolve the above issue?
>
> Thanks
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html



This archive was generated by hypermail 2.1.4 : Mon Jun 02 2008 - 06:59:18 ART