05-05-2005 10:39 PM - edited 03-02-2019 10:41 PM
hi all,
firstly we have port security turned on for the two ports in question - with aging set to inactivity & 2 mins. called gig1/0/1 and gig2/0/1
we have a failover netscreen situation with the two eth1's of the Netscreens going into gig1/0/1 and gig2/0/1
now when a netscreen fails over it uses the same MAC address on the new master.
however with port-security enabled the switch needs to age out the MAC address before the new master can send/receive packets.
is there any way around this?
we need/want port-security but the min aging time is 1 minute which is still far too long in the event of a failover.
cheers
dave
05-12-2005 06:28 AM
If port security is enabled and an address learned or configured on one secure interface is seen on another secure interface in the same VLAN, port security puts the interface into the error-disabled state immediately.
05-12-2005 10:27 AM
you can try to hard code the mac address to the port. the mac before the failover and the mac after the failover. max number of secure mac addresses is 2
hth
francis
05-12-2005 04:36 PM
hi guys,
i think the only way to do it is turn off port security for those ports!
cheers
dave.
05-18-2005 07:47 PM
Hi everyone,
Does this work on 2950 switches too?
Thanks a lot!
05-24-2005 05:13 PM
Hi,
Does what work? Port security or disabling it to release MACs faster?
Cheers
Dave