From: Pavel Bykov (slidersv@gmail.com)
Date: Tue Jan 20 2009 - 08:03:40 ARST
:) No.
Switching rule #2:
Every mac address in the network has to be unique.
When duplicate mac addresses are introduced into a switching network, cisco
switches usually assign made up address to both of the ports, effectively
flooding traffic destined to that mac address, because of unknown unicast
behavior rule.
Microsoft engineers thought it would be smart to use that rule to setup
their clusters - they assign all members same mac address - this way they
have guarantee that traffic will be delivered to them since it's going to be
unknown unicast, because all switches that conform to standards will try to
correct that "error" by not using that duplicate mac... kind of reminds me
of 640K being enough for everybody...
Anyways, youcould probably create a filter that would allow only mentioned
mac addres, but MAC address table will not accept duplicate mac. (all that
in same VLAN ofcourse) which brings me to possible solution:
Can you assign those two ports to different VLANs? and have VLANs behave the
same? I.E. lead to SVI somewhere. This would be a possible solution:
Rack1SW2(config)#int ra fa 0/8 - 9
Rack1SW2(config-if-range)#switchport access vlan 4
Rack1SW2(config-if-range)#switchport port-security
Command rejected: FastEthernet0/8 is a dynamic port.
% Range command terminated because it failed on FastEthernet0/8
Rack1SW2(config-if-range)#switchport mode acc
Rack1SW2(config-if-range)#switchport port-security
Rack1SW2(config-if-range)#switchport port-security mac-address
000c.257e.f7aa
Found duplicate mac-address 000c.257e.f7aa.
% Interface range command failed for FastEthernet0/9
Rack1SW2(config-if-range)#
Rack1SW2#sh run int fa
1d01h: %SYS-5-CONFIG_I: Configured from console by console
Rack1SW2#sh run int fa 0/9
Building configuration...
Current configuration : 109 bytes
!
interface FastEthernet0/9
switchport access vlan 4
switchport mode access
switchport port-security
end
Rack1SW2#sh run int fa 0/8
Building configuration...
Current configuration : 162 bytes
!
interface FastEthernet0/8
switchport access vlan 4
switchport mode access
switchport port-security
switchport port-security mac-address 000c.257e.f7aa
end
Rack1SW2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Rack1SW2(config)#int fa 0/9
Rack1SW2(config-if)#switch acc vlan 5
Rack1SW2(config-if)#
Rack1SW2(config-if)#switchport port-security mac-address 000c.257e.f7aa
Rack1SW2(config-if)#
Rack1SW2#
Rack1SW2#
Rack1SW2#sh run int
1d01h: %SYS-5-CONFIG_I: Configured from console by console
Rack1SW2#sh run int fa 0/8
Building configuration...
Current configuration : 162 bytes
!
interface FastEthernet0/8
switchport access vlan 4
switchport mode access
switchport port-security
switchport port-security mac-address 000c.257e.f7aa
end
Rack1SW2#sh run int fa 0/9
Building configuration...
Current configuration : 162 bytes
!
interface FastEthernet0/9
switchport access vlan 5
switchport mode access
switchport port-security
switchport port-security mac-address 000c.257e.f7aa
end
See?
On Tue, Jan 20, 2009 at 10:12 AM, Mark Stephanus Chandra <
mark.chandra@gmail.com> wrote:
> Guys,
>
>
>
> I want to configure my mac-address to be allowed on multiple port on a
> switch port-security.
>
>
>
> But when I insert the configuration, I have duplicated mac-address error.
>
>
>
> switchport port-security mac-address 000c.257e.f7aa
>
> Found duplicate mac-address 000c.257e.f7aa.
>
>
>
> Anyway, I just curious, is this can be done ? Configuring port-security
> mac-address command with the same mac-address on the multiple ports ?
>
>
>
> Thanks in advance
>
>
>
> Regards
>
>
>
> Mark Stephanus Chandra
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
>
-- Pavel Bykov ---------------- Don't forget to help stopping the braindumps, use of which reduces value of your certifications. Sign the petition at http://www.stopbraindumps.com/Blogs and organic groups at http://www.ccie.net
This archive was generated by hypermail 2.1.4 : Sun Mar 01 2009 - 09:43:39 ARST