RE: HSRP and BIA

From: Amir.Tahir/Wateen/Lahore (Amir.Tahir@wateen.com)
Date: Tue Jun 10 2008 - 05:05:36 ART


With reference to HSRP, BIA and port security: now, if we have to enable
port security on HSRP-enabled routers, how should we proceed?

Configure the virtual MAC on the active router and use BIA on the standby ...
Or use both addresses and enable max-add 2 on the switch port. If switchport
port-security max 2 is not allowed, how should we resolve this issue?

Thanks for the reply
Regards
__________________
Amir Tahir

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of akyccie
Sent: Wednesday, June 04, 2008 8:22 PM
To: itsfortarget iwillgetit; Mike Haddad
Cc: ccielab@groupstudy.com
Subject: Re: HSRP and BIA

Just going through the workaround given in the URL below. What if you are
not allowed to use "standby use-bia"?

Workaround

  a. Issue the standby use-bia command on the routers. This forces the
     routers to use a burned-in address for HSRP instead of the virtual MAC
     address.

  b. Disable port security on the switch ports that connect to the HSRP
     enabled routers.

aky

----- Original Message -----
From: "itsfortarget iwillgetit" <itsfortarget@gmail.com>
To: "Mike Haddad" <mike.haddad@hotmail.com>
Cc: <ccielab@groupstudy.com>
Sent: Wednesday, June 04, 2008 1:24 AM
Subject: Re: HSRP and BIA

> HELLO,
>
>
>
> When port security is configured on the switch ports that are connected to
> the HSRP enabled routers, it causes a MAC violation, since you cannot have
> the same secure MAC address on more than one interface. A security
> violation occurs on a secure port in one of these situations:
>
> - The maximum number of secure MAC addresses is added to the address
>   table, and a station whose MAC address is not in the address table
>   attempts to access the interface.
> - An address that is learned or configured on one secure interface is seen
>   on another secure interface in the same VLAN.
>
> By default, a port security violation causes the switch interface to
> become error-disabled and to shut down immediately, which blocks the HSRP
> status messages between the routers.
>
> http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a0080094afd.shtml#topic5
>
> On Tue, Jun 3, 2008 at 8:59 AM, Mike Haddad <mike.haddad@hotmail.com>
> wrote:
>
>> Hello,
>>
>> When the question says do not use the BIA address for HSRP. Isn't it the
>> default behavior of HSRP?
>>
>> Thanks in advance,
>> Regards,
>>
>>
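
Added example (not part of the thread and not Cisco code): a small Python model of the two violation conditions quoted above, run through an HSRP failover with and without `standby use-bia`. The port names, the burned-in addresses and the assumption that the old active router's port stays up during failover are constructed for illustration; 0000.0c07.ac01 is the HSRP version 1 virtual MAC for group 1.

```python
# Toy model (added example, not Cisco code) of the two violation rules above.
HSRP_VMAC = "0000.0c07.ac01"   # HSRPv1 virtual MAC, group 1
BIA_R1 = "0011.1111.1111"      # constructed burned-in addresses
BIA_R2 = "0022.2222.2222"


class SecureSwitch:
    def __init__(self, maximum=1):
        self.maximum = maximum
        self.secure = {}           # port -> secure MACs (single VLAN)
        self.errdisabled = set()

    def frame_in(self, port, src_mac):
        """Classify one frame: 'forwarded', 'dropped' or 'err-disabled'."""
        if port in self.errdisabled:
            return "dropped"
        table = self.secure.setdefault(port, set())
        if src_mac in table:
            return "forwarded"
        # Rule 2: address already secure on another secure port in the VLAN.
        elsewhere = any(src_mac in macs
                        for p, macs in self.secure.items() if p != port)
        # Rule 1: table already holds the maximum and the source is unknown.
        full = len(table) >= self.maximum
        if elsewhere or full:
            self.errdisabled.add(port)   # default violation mode: shutdown
            return "err-disabled"
        table.add(src_mac)
        return "forwarded"


def failover(use_bia, maximum=1):
    """R1 (Gi0/1) is active, then R2 (Gi0/2) takes over while Gi0/1 stays up."""
    sw = SecureSwitch(maximum)
    r1_hsrp = BIA_R1 if use_bia else HSRP_VMAC
    r2_hsrp = BIA_R2 if use_bia else HSRP_VMAC
    return [
        sw.frame_in("Gi0/1", BIA_R1),    # R1 routed traffic
        sw.frame_in("Gi0/1", r1_hsrp),   # R1 active: hellos from HSRP MAC
        sw.frame_in("Gi0/2", BIA_R2),    # R2 standby: hellos from its BIA
        sw.frame_in("Gi0/2", r2_hsrp),   # R2 becomes active
    ]


if __name__ == "__main__":
    for bia, mx in ((False, 1), (False, 2), (True, 1)):
        print(f"use_bia={bia} maximum={mx}:", failover(bia, mx))
```

In this model a maximum of 2 lets the active router come up cleanly, but the takeover still trips the second condition because the virtual MAC is already secure on the other port.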



This archive was generated by hypermail 2.1.4 : Tue Jul 01 2008 - 06:23:21 ART