Re: sticky MAC security! posted 04/07/2008
Yet again Antonio comes up trumps! The 'standby use-bia' command was missing
from the router interface that the port security on the 3750 was supposed to
target. Without this I guess the port was seeing at least two MACs on start
up and going straight to err-disable.
On 4/7/08, Antonio Soares <amsoares@xxxxxxxxxx> wrote:
> I see two options:
> - "standby use-bia"
> - "standby mac-address xxxx.xxxx.xxxx"
> Antonio Soares
> CCIE #18473 (R&S),CCNP,CCIP
> -----Original Message-----
> From: nobody@xxxxxxxxxxxxxx [mailto:nobody@xxxxxxxxxxxxxx] On Behalf Of
> Patrick Galligan
> Sent: segunda-feira, 7 de Abril de 2008 2:35
> To: ccie girl
> Cc: Cisco certification
> Subject: Re: sticky MAC security!
> On Mon, Apr 7, 2008 at 9:20 AM, ccie girl <ccieangel@xxxxxxxxxxxxxx>
> > Hi guys
> > Anyone up that can help me with this ?
> > I am trying to configure port security on a 3750 like this:-
> > interface GigabitEthernet1/0/5
> > switchport access vlan 567
> > switchport mode access
> > switchport port-security
> > switchport port-security mac-address sticky
> > switchport port-security mac-address 0008.2196.1341 - this is the
> > MAC of my router f0/1 port diretly connected.
> > But this doesn't work as I have HSRP configured between this router
> > f0/1 port and another. The only MAC address that works is the standby
> > virtual MAC address.
> If you increase the max addresses for that port, it will work.
> However, when the HSRP virtual IP moves to your backup router, it's MAC
> address will still be assigned to g1/0/5, just like a static MAC entry. So
> clients won't be able to talk to the default gateway anymore.
> If anyone knows a way of making this work, please speak up :)
> Subscription information may be found at: