Ok, re-reading the Tasks and PG solution, I see where the other router access ports are configured with port-security. Only the router trunk ports are not configured.
>From my experimenting, I could only get the trunk ports to work with the following commands: switchport port-security maximum 2 switchport port-security maximum 1 vlan First line tells port to allow maximum of 2 mac, period. Second line says only allow 1 mac per vlan. Since router is only configured for 2 vlans, this should work. When I do a "show port-security int f0/1", it shows the router's mac twice, one for each vlan that it's using. I guess everytime it creates an entry for a mac, even if it's the same mac, it counts against the max value set for the port. Does that sound right? On Sun, Jul 5, 2009 at 10:57 AM, Bryan Bartik<[email protected]> wrote: > Hello, > > Is R5 the only router port that is not a trunk? For now, just consider those > that are access ports. This task may need to be re-worded or solution > re-done. > > Thanks, > > On Sun, Jul 5, 2009 at 9:44 AM, jmangawang <[email protected]> wrote: >> >> Second item of task states that router ports should only allow a >> single MAC address before errdisable state occurs. But looking at >> PG's answer, the only router port that gets addressed is R5's port, >> which happens to be an access port. >> >> If this was the real exam, my inclination would be to do exactly as >> told and include ALL the router ports, including those that are set up >> as trunk ports, which is what I did. However, any trunk port with >> port-security enabled goes into errdisable state when the 2nd vlan >> gets any traffic. I tried the "switchport port-security maximum 1 >> vlan" thinking that it would set 1 max mac-address per vlan, but it >> doesn't appear to be working for me. >> >> Is the PG correct in not addressing these router trunk ports? > > > > -- > Bryan Bartik > CCIE #23707 (R&S), CCNP > Sr. Support Engineer - IPexpert, Inc. > URL: http://www.IPexpert.com >
