Solved: Sticky Port Security 3560

paultjohnson · ‎01-28-2009

Is there a better solution to resetting sticky port security on a single port on a Catalyst 3560 SW when a PC is swapped out than:-

sw(config-if)#no switchport port-security mac-address sticky

sw(config-if)#switchport port-security mac-address sticky

sw(config-if)#shutdown

sw(config-if)#no shutdown

sw#wr

I know that you can clear the whole mac address table at the enable prompt, but that is a security risk until all the ports have re-learned the mac addresses.

Any help would be appreciated.

Thanks

Mark Yeates · ‎01-28-2009

I think you are looking for the "clear port security sticky interface fa0/X" command. Instead of turning off port security and the interface and enabling them this command will do the same thing. I don't see a security issue by doing this.

http://www.ciscosystems.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_40_se/command/reference/cli1.html#wpmkr4260639

HTH,

Mark

View solution in original post

Mark Yeates · ‎01-28-2009

I think you are looking for the "clear port security sticky interface fa0/X" command. Instead of turning off port security and the interface and enabling them this command will do the same thing. I don't see a security issue by doing this.

http://www.ciscosystems.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_40_se/command/reference/cli1.html#wpmkr4260639

HTH,

Mark

paultjohnson · ‎01-28-2009

Many thanks Mark, hadn't followed the sub-commands far enough!