
same MAC address on multiple ports & port-security

davecs
Level 1

Hi all,

Firstly, we have port security turned on for the two ports in question, with aging set to inactivity & 2 mins. They are called gig1/0/1 and gig2/0/1.

We have a failover Netscreen situation with the two eth1's of the Netscreens going into gig1/0/1 and gig2/0/1.

Now when a Netscreen fails over it uses the same MAC address on the new master.

However, with port-security enabled the switch needs to age out the MAC address before the new master can send/receive packets.

Is there any way around this?

We need/want port-security but the min aging time is 1 minute, which is still far too long in the event of a failover.

cheers

dave

5 Replies

b.hsu
Level 5

If port security is enabled, if an address learned or configured on one secure interface is seen on another secure interface in the same VLAN, port security puts the interface into the error-disabled state immediately.

http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_guide_chapter09186a00800da706.html
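
A simplified model of the situation in this thread, added here as an illustration and not posted by any participant or taken from Cisco code: the same MAC moves from gig1/0/1 to gig2/0/1 while the 2-minute inactivity timer is still running. The `shutdown` branch follows the behaviour quoted in the reply above; the `restrict` branch (violating frames dropped, port left up), the class and function names, and the MAC address are assumptions made for the example.

```python
from dataclasses import dataclass, field

@dataclass
class SecureSwitch:
    """Simplified model: dynamic secure MACs on secure ports in one VLAN."""
    mode: str = "shutdown"      # violation mode: "shutdown" or "restrict" (assumed)
    aging: int = 120            # inactivity aging in seconds (2 min, as in the thread)
    owner: dict = field(default_factory=dict)        # mac -> (port, last_seen)
    err_disabled: set = field(default_factory=set)

    def frame(self, t, port, mac):
        """Handle a frame with source `mac` arriving on `port` at time `t` seconds."""
        if port in self.err_disabled:
            return "dropped (err-disabled)"
        entry = self.owner.get(mac)
        if entry and t - entry[1] >= self.aging:
            entry = None                              # aged out through inactivity
        if entry and entry[0] != port:                # MAC still secured on another port
            if self.mode == "shutdown":
                self.err_disabled.add(port)
                return "violation (port err-disabled)"
            return "violation (frame dropped)"        # restrict: port stays up
        self.owner[mac] = (port, t)                   # learn or refresh the entry
        return "forwarded"

def failover(mode, retry_times, mac="0000.5e00.5301"):  # constructed MAC address
    """Old master on gig1/0/1 last sends at t=0; new master on gig2/0/1 sends at retry_times."""
    sw = SecureSwitch(mode=mode)
    sw.frame(0, "gig1/0/1", mac)
    return [(t, sw.frame(t, "gig2/0/1", mac)) for t in retry_times]

if __name__ == "__main__":
    for mode in ("restrict", "shutdown"):
        print(mode, failover(mode, [5, 60, 120]))
```

In the model, `restrict` reproduces the wait for aging described in the question, while `shutdown` leaves gig2/0/1 down even after the entry has aged out.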

francisramirez
Level 1

You can try to hard code the MAC address to the port: the MAC before the failover and the MAC after the failover. Max number of secure MAC addresses is 2.

hth

francis

Hi guys,

I think the only way to do it is to turn off port security for those ports!

cheers

dave.

Hi everyone,

Does this work on 2950 switches too?

Thanks a lot!

Hi,

Does what work? Port security, or disabling it to release MACs faster?

Cheers

Dave