Sticky Port Security 3560

Answered Question
Jan 28th, 2009

Is there a better solution to resetting sticky port security on a single port on a Catalyst 3560 switch when a PC is swapped out than:


sw(config-if)#no switchport port-security mac-address sticky
sw(config-if)#switchport port-security mac-address sticky
sw(config-if)#shutdown
sw(config-if)#no shutdown
sw#wr


I know that you can clear the whole MAC address table at the enable prompt, but that is a security risk until all the ports have re-learned the MAC addresses.


Any help would be appreciated.

Thanks

Correct Answer by Mark Yeates about 8 years 1 month ago

I think you are looking for the "clear port-security sticky interface fa0/X" command. Instead of turning off port security and the interface and enabling them, this command will do the same thing. I don't see a security issue by doing this.


http://www.ciscosystems.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_40_se/command/reference/cli1.html#wpmkr4260639


HTH,

Mark

Overall Rating: 5 (1 ratings)
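
One way to confirm that a per-interface clear touched only the intended port, as an added example that is not part of the original thread: it compares `show port-security address` output captured before and after the PC swap. The sample output is constructed and the function names are hypothetical.

```python
import re

# Row of `show port-security address`: vlan, MAC, type, port (age column ignored).
ROW = re.compile(
    r"^\s*(\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(Secure\w+)\s+(\S+)",
    re.IGNORECASE,
)

def secure_entries(show_output):
    """Return {port: set of (vlan, mac, type)} parsed from the table."""
    table = {}
    for line in show_output.splitlines():
        m = ROW.match(line)
        if m:
            vlan, mac, kind, port = m.groups()
            table.setdefault(port, set()).add((int(vlan), mac.lower(), kind))
    return table

def check_single_port_reset(before, after, port):
    """Compare snapshots taken around the clear; return a list of findings."""
    old, new = secure_entries(before), secure_entries(after)
    findings = []
    # Every other port must keep exactly the secure addresses it had.
    for p in sorted(set(old) | set(new)):
        if p != port and old.get(p, set()) != new.get(p, set()):
            findings.append(f"{p}: secure addresses changed unexpectedly")
    # The swapped port must no longer hold the old PC's address.
    stale = old.get(port, set()) & new.get(port, set())
    for _, mac, _ in sorted(stale):
        findings.append(f"{port}: old address {mac} still present")
    return findings

# Constructed sample output (not captured from a real switch).
BEFORE = """\
Vlan    Mac Address       Type            Ports   Remaining Age
----    -----------       ----            -----   -------------
  10    0011.2233.4455    SecureSticky    Fa0/1        -
  10    0011.2233.4466    SecureSticky    Fa0/2        -
"""
AFTER_OK = BEFORE.replace("0011.2233.4455", "00aa.bbcc.ddee")
AFTER_WIPED = """\
  10    00aa.bbcc.ddee    SecureSticky    Fa0/1        -
"""

if __name__ == "__main__":
    print(check_single_port_reset(BEFORE, AFTER_OK, "Fa0/1"))     # clean reset
    print(check_single_port_reset(BEFORE, AFTER_WIPED, "Fa0/1"))  # Fa0/2 lost its entry
```

An empty list means the other ports kept their learned addresses and the old PC's address is gone from the target port.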