port security question

Unanswered Question
Mar 29th, 2009

Hi !

I'm currently prepared my CCNP BCMSN Certification Exam....

I would like to have some explanation about the following example found on Cisco WebSite at the address :

http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.2_25_see/configuration/guide/swtrafc.html#wp1132917

Switch(config)# interface FastEthernet1/0/1

Switch(config-if)# switchport access vlan 21

Switch(config-if)# switchport mode access

Switch(config-if)# switchport voice vlan 22

Switch(config-if)# switchport port-security

Switch(config-if)# switchport port-security maximum 20

Switch(config-if)# switchport port-security violation restrict

Switch(config-if)# switchport port-security mac-address sticky

Switch(config-if)# switchport port-security mac-address sticky 0000.0000.0002

Switch(config-if)# switchport port-security mac-address 0000.0000.0003

Switch(config-if)# switchport port-security mac-address sticky 0000.0000.0001 vlan voice

Switch(config-if)# switchport port-security mac-address 0000.0000.0004 vlan voice

Switch(config-if)# switchport port-security maximum 10 vlan access

Switch(config-if)# switchport port-security maximum 10 vlan voice

I know my English is deficient, but I don't understand what the keyword "sticky" is present on only some MAC addresses are configured on the interface but not for all of them.... French traduction of the word "sticky" was'nt help me a lot !!

I had understand if the command :"switchport port-security mac-address sticky" is used on the interface the port is allowed to dynamitly learn MAC addresses and add then to his running-config file... if the configuration is saved thoses MAC addresses are alway's configure on that interface and allowed to use this interface, before any other MAC address can be learn in the interface, if maximum is reach because of thoses command no other MAC addresses can be added.

But, what is the difference between thoses 2 commands if they are in running-config and startup-config (except for the MAC address it self) ??

Switch(config-if)# switchport port-security mac-address sticky 0000.0000.0002

Switch(config-if)# switchport port-security mac-address 0000.0000.0003

Thanks a lot in advanced for your help !

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
lamav Sun, 03/29/2009 - 19:39

I'm not sure I know what the answer to your question is, but your English is not deficient, my friend. You write better than most Americans I come across!

C'est la vie, mon ami. :-)

Actions

This Discussion