Re: switchport port-security

---

• From: Doan <doan@xxxxxxx>
• Date: Mon, 28 Nov 2005 10:45:38 -0800

---

On 28 Nov 2005 firewallstarter@xxxxxxxxxxx wrote:

> All,
> I'm looking at switchport security on the Cisco switches we have on
> campus, 2950s & 4500s. I'm confused about the difference between the
> following commands
>
> conf t
> int fast 0/1
> switchport port-security mac-address H.H.H
>
> and
>
> conf t
> int fast 0/1
> switchport port-security mac-address sticky H.H.H
>
>
> Can anybody tell me why you would use the sticky command in this case
> and what the material difference between the 2 commands is?
>
>
> Thanks as ever for your assiatance.
>
> FWS
>

I hope this helps:

"After you have set the maximum number of secure MAC addresses on a port,
the secure addresses are included in an address table in one of these
ways:

- You can configure all secure MAC addresses by using the switchport
port-security mac-address mac_address interface configuration command.

- You can allow the port to dynamically configure secure MAC addresses
with the MAC addresses of connected devices.

- You can configure a number of addresses and allow the rest to be
dynamically configured.

Note If the port shuts down, all dynamically learned addresses are
removed.

- You can configure MAC addresses to be sticky. These can be dynamically
learned or manually configured, stored in the address table, and added to
the running configuration. If these addresses are saved in the
configuration file, the interface does not need to dynamically relearn
them when the switch restarts. Although sticky secure addresses can be
manually configured, it is not recommended."

http://www.cisco.com/en/US/products/hw/switches/ps4324/products_configuration_guide_chapter09186a00802c30af.html

Doan


.

---

• References:
  • switchport port-security
    • From: firewallstarter

• Prev by Date: Re: Wy the hell? DMVPN
• Next by Date: Re: Cisco 1750 Config...
• Previous by thread: switchport port-security
• Next by thread: Cisco 1750 Config...
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Ip Helper doesnt work? ... > I use a 3550 L2/L3 switch and I need to use a remote dhcp server. ... > Follows the configuration and some debug output.. ... > no switchport ... (comp.dcom.sys.cisco) Re: Need guidance on Cisco 6513 install ... You might also consider the link between the 6513s, and configure it as a layer 2 Etherchannel with GLBP. ... You'll benefit from a more fault-tolerant switch configuration without the klunkiness of HSRP group assignments. ... We actually do have a Visio diagram for this and have the subnet ... (comp.dcom.sys.cisco) Re: VLAN and TRUNK on a c2960 ... the configuration looks ok, except for the access ports, which should ... be configured with ' spanning-tree portfast' in order to prevent ... switchport access vlan 3 ... (comp.dcom.sys.cisco) Re: Multiple VLANs on Single NIC ... as a routed port, and then assign a secondary address for the second ... subnet. ... The configuration of the switchport would look like this: ... (comp.dcom.sys.cisco)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

newsgroups.derkeiler.com  > Archive  > Comp  > comp.dcom.sys.cisco  > 2005-11