Security on Switchports

network489
Level 1

Can someone please explain to me the difference between the commands "switchport port-security" (which is the only mandatory command needed to configure port security) and "switchport port-security mac-address sticky"? Doesn't the first command use the first MAC it sees, just like sticky?

7 Replies

Jon Marshall
Hall of Fame

The sticky option in the command tells the switch to add the mac-addresses learnt on the interface to the running config. If you then save that running config and the switch is reloaded, it will use those mac-addresses when it has rebooted. See this link for more details:

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_25_sea/configuration/guide/swtrafc.html#wp1038501

Jon

Hi Jon, how are you!!

Just to add to Jon's post, by default this sticky option writes all the dynamically learned addresses to the running-config, and you can also define the statically configured mac-addresses with the sticky option to be added to the running-config.

HTH,

-amit singh

Amit

Haven't seen you around for a while, or maybe I just keep missing you. I'm good, taking a bit of time off work but still keeping my hand in with NetPro when I get the chance :-)

Hope things are good with you

Jon

Jon,

I was busy with my CCIE studies. Just a little busy with my stuff. Hardly getting time to catch NetPro these days.

Write me at amisin@gmail.com

-amit singh

Pravin Phadte
Level 5

The first one, switchport port-security, is straightforward: you know the mac-address on that port and you configure it so.

The second one, switchport port-security mac-address sticky, gives you more flexibility. The mac-address can be dynamically learned. The actual command you type in is:

"switchport port-security mac-address sticky"

The switch then automatically adds the command:

"switchport port-security mac-address sticky H.H.H" once it has learned the mac-address.

You can also configure it manually, but then you might as well configure it as in the first one.

I was told that by simply entering the switchport port-security command, we accept the default settings of only allowing one MAC address, and determining that MAC address from the first device that communicates on that specific port. Which seems to be the same idea behind "sticky".

You are correct in that only one mac-address is allowed, but if you then disconnected the device on that port and connected another device, you would still only have one mac-address on that port and so it would be allowed.

With sticky you are specifying the actual mac-address that is allowed on that port, so if you connect a different device it will not be allowed.

Jon
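The difference the replies above describe (a bare "switchport port-security" with the default of one dynamically learned address, versus sticky or static secure addresses that are written into the running-config) is something you can check across a whole switch config rather than port by port. The following is an added example, not code from the thread or from Cisco: a small Python audit that splits an IOS running-config into interface blocks and classifies each port's port-security posture. The config excerpt it parses is constructed for the example, and the interface names and MAC addresses in it are made up. It also flags the edge case where sticky or static addresses are configured but the enabling "switchport port-security" line is missing, so the feature is not actually active.

```python
"""Classify port-security posture per interface in a Cisco IOS running-config.

Added example; the sample config below is constructed, not taken from the thread.
"""
import re
from dataclasses import dataclass, field

# Cisco-style MAC address, H.H.H (three groups of four hex digits).
MAC_RE = r"[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}"

# Constructed sample running-config excerpt covering the cases discussed:
#  Gi0/1 bare port-security (dynamic, default maximum 1)
#  Gi0/2 sticky, with one address already learned and written to the config
#  Gi0/3 static secure address with maximum 2
#  Gi0/4 no port-security at all
#  Gi0/5 sticky configured but port-security never enabled (edge case)
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode access
 switchport port-security
!
interface GigabitEthernet0/2
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0011.2233.4455
!
interface GigabitEthernet0/3
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security mac-address 0011.2233.6677
!
interface GigabitEthernet0/4
 switchport mode access
!
interface GigabitEthernet0/5
 switchport mode access
 switchport port-security mac-address sticky
!
"""


@dataclass
class PortSecurity:
    name: str
    enabled: bool = False
    maximum: int = 1              # IOS default once port-security is enabled
    violation: str = "shutdown"   # IOS default violation mode
    sticky: bool = False
    sticky_macs: list = field(default_factory=list)
    static_macs: list = field(default_factory=list)

    def posture(self) -> str:
        """Summarise how the secure MAC addresses on this port are determined."""
        if not self.enabled:
            # Sticky/static lines without the enabling command do nothing.
            if self.sticky or self.static_macs:
                return "configured-but-disabled"
            return "unprotected"
        if self.static_macs and not self.sticky:
            return "static"        # addresses fixed by the administrator
        if self.sticky:
            return "sticky"        # learned once, then written to running-config
        return "dynamic-only"      # learned addresses are not kept in the config


def parse_interfaces(config: str) -> dict:
    """Split a running-config into {interface name: [stripped sub-commands]}."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            blocks[current] = []
        elif raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip())
        else:
            current = None  # '!' or a top-level command ends the block
    return blocks


def classify(name: str, lines: list) -> PortSecurity:
    """Derive the port-security settings from one interface's sub-commands."""
    ps = PortSecurity(name)
    for line in lines:
        if line == "switchport port-security":
            ps.enabled = True
        elif m := re.fullmatch(r"switchport port-security maximum (\d+)", line):
            ps.maximum = int(m.group(1))
        elif m := re.fullmatch(r"switchport port-security violation (\S+)", line):
            ps.violation = m.group(1)
        elif m := re.fullmatch(
                rf"switchport port-security mac-address sticky(?: ({MAC_RE}))?", line):
            ps.sticky = True
            if m.group(1):
                ps.sticky_macs.append(m.group(1).lower())
        elif m := re.fullmatch(rf"switchport port-security mac-address ({MAC_RE})", line):
            ps.static_macs.append(m.group(1).lower())
    return ps


def audit(config: str) -> dict:
    """Return {interface name: PortSecurity} for every interface in the config."""
    return {name: classify(name, lines) for name, lines in parse_interfaces(config).items()}


if __name__ == "__main__":
    for ps in audit(SAMPLE_CONFIG).values():
        print(f"{ps.name:22} {ps.posture():24} max={ps.maximum} "
              f"violation={ps.violation} sticky={ps.sticky_macs} static={ps.static_macs}")
```

Run as a script it prints one line per interface; in practice you would feed it the output of "show running-config" saved to a file. The "dynamic-only" posture is the one the thread turns on: the port is limited to one address, but nothing in the config says which address, so the limit alone does not pin the port to a particular device.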
