GroupStudy.com - A virtual community of network engineers
Re: HSRP and port-security... posted 09/21/2006


I understand that you can do it manually by clearing the port-security
entries and bouncing the interface, but this defeats the purpose of
HSRP for fault-tolerant routing and gateway services...  Any way to do
this seamlessly?

On 9/21/06, Radoslav Vasilev <deckland@xxxxxxxxx> wrote:
Hi Tony,

Rack1SW1(config-if)#switchport port-security mac-address  0015.c678.6a98
Found duplicate mac-address 0015.c678.6a98.

Rack1SW1(config-if)#do clear mac-addr dynamic
Rack1SW1(config-if)#switchport port-security mac-address  0015.c678.6a98

interface GigabitEthernet1/0/6
 switchport access vlan 5
 switchport mode access
 switchport port-security
 switchport port-security mac-address 0015.c678.6a98
 shutdown

Rack1SW1(config)#int gi 1/0/6
Rack1SW1(config-if)#no shu
Rack1SW1(config-if)#no shutdown


On 9/21/06, Tony Paterra <apaterra@xxxxxxxxx> wrote:
> I was playing with a lab and came across one of those dependent
> "gotchas" with HSRP and port-security.  I'm trying to minimize the
> number of port-security mac-addresses on the switch and still enable
> HSRP to function properly.
>
> 2 questions...
>
> 1.) I am unable to allow the virtual mac-address on both switchports
> as it gives me an error...  How can I account for the Active router
> going down and the Standby picking it up?
>
> SW1#
> interface GigabitEthernet0/1
>  switchport access vlan 99
>  switchport mode access
>  switchport port-security maximum 2
>  switchport port-security
>  switchport port-security mac-address <virtual mac-address>
>
> interface GigabitEthernet0/2
>  switchport access vlan 99
>  switchport mode access
>  switchport port-security maximum 2
>  switchport port-security
>  switchport port-security mac-address <virtual mac-address>
>
> ERROR: Found duplicate mac-address 0000.0c07.ac01.
>
>
> 2.) Outside of use-bia, is there something I'm missing here?  The
> best way I see to do this is to put static allows in for the BIA on
> the interfaces and one sticky for the virtual.  Should I be playing
> with the timers for port-security or mac-address-table aging?
>
>
> Thanks in advance,
> --
> Tony Paterra
> apaterra@xxxxxxxxx
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>



--
Tony Paterra
apaterra@xxxxxxxxx
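
The "Found duplicate mac-address" conflict discussed in this thread can be caught by auditing a configuration before it is applied. The script below is an added example, not part of the original posts: it assumes the HSRP version 1 virtual MAC format 0000.0c07.acXX and groups entries by access VLAN, and its function names and sample config are constructed for illustration.

```python
import re
from collections import defaultdict
# HSRP version 1 virtual MAC: 0000.0c07.acXX, where XX is the group number in hex.
HSRP_V1_PREFIX = "0000.0c07.ac"
MAC_LINE = re.compile(r"switchport port-security mac-address ([0-9a-f.]{14})", re.I)

# Constructed sample: the thread's two ports with the virtual MAC filled in, plus a third port.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport access vlan 99
 switchport mode access
 switchport port-security maximum 2
 switchport port-security
 switchport port-security mac-address 0000.0c07.ac01
interface GigabitEthernet0/2
 switchport access vlan 99
 switchport mode access
 switchport port-security maximum 2
 switchport port-security
 switchport port-security mac-address 0000.0c07.ac01
interface GigabitEthernet0/3
 switchport access vlan 99
 switchport port-security
 switchport port-security mac-address 0015.c678.6a98
"""

def hsrp_group(mac):
    """Return the HSRPv1 group if mac is an HSRPv1 virtual MAC, else None."""
    return int(mac[-2:], 16) if mac.lower().startswith(HSRP_V1_PREFIX) and len(mac) == 14 else None

def static_secure_macs(config):
    """Map (access vlan, mac) -> interfaces carrying it as a static secure MAC."""
    entries, iface, vlan, macs = defaultdict(list), None, 1, []
    for line in [l.strip() for l in config.splitlines()] + ["interface <end>"]:
        if line.startswith("interface "):
            for mac in macs:  # flush the interface block that just ended
                entries[(vlan, mac)].append(iface)
            iface, vlan, macs = line.split(None, 1)[1], 1, []  # access VLAN defaults to 1
        elif m := re.fullmatch(r"switchport access vlan (\d+)", line):
            vlan = int(m.group(1))
        elif m := MAC_LINE.fullmatch(line):
            macs.append(m.group(1).lower())
    return entries

def audit(config):
    """List static secure MACs configured on more than one port of the same VLAN."""
    return [{"vlan": v, "mac": mac, "interfaces": ports, "hsrp_group": hsrp_group(mac)}
            for (v, mac), ports in sorted(static_secure_macs(config).items()) if len(ports) > 1]
```

A finding with a non-empty `hsrp_group` marks a virtual MAC that moves to the other router's port when the standby takes over.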