Cisco Support Community

New Member

Is Switch Port Security VLAN Specific

Hi,

Scenario:

If I plug my PC into switch port X in VLAN 100 and then move the PC to another port Y in VLAN 200, with port security with MAC address sticky enabled on all switch ports, will port Y enter err-disabled mode?

Kindly reply.

1 REPLY
Cisco Employee

Hi,

From my understanding, port X would work fine when you connect to port Y.

To prevent this kind of thing, you need to go with port-security max on specific ports.

Ref:

It dynamically associates the mac-address to the port. Without the sticky option, the mac-address association goes away after a specified period of time.

http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_37_se/command/reference/cli3.html#wp1948361

When you enable sticky learning on an interface by using the switchport port-security mac-address sticky interface configuration command, the interface converts all the dynamic secure MAC addresses, including those that were dynamically learned before sticky learning was enabled, to sticky secure MAC addresses and adds all sticky secure MAC addresses to the running configuration.

It validates your posting.

Also, some additional information:

If you disable sticky learning by using the no switchport port-security mac-address sticky interface configuration command or the running configuration is removed, the sticky secure MAC addresses remain part of the running configuration but are removed from the address table. The addresses that were removed can be dynamically reconfigured and added to the address table as dynamic addresses.

When you configure sticky secure MAC addresses by using the switchport port-security mac-address sticky mac-address interface configuration command, these addresses are added to the address table and the running configuration. If port security is disabled, the sticky secure MAC addresses remain in the running configuration.

If you save the sticky secure MAC addresses in the configuration file, when the switch restarts or the interface shuts down, the interface does not need to relearn these addresses. If you do not save the sticky secure addresses, they are lost. If sticky learning is disabled, the sticky secure MAC addresses are converted to dynamic secure addresses and are removed from the running configuration.

If you disable sticky learning and enter the switchport port-security mac-address sticky mac-address interface configuration command, an error message appears, and the sticky secure MAC address is not added to the running configuration.

 

HTH

Regards

Inayath

*********Please don't forget to rate useful posts*********
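
A read-only audit for the scenario in this thread, as an added example that is not part of the original posts or of Cisco's documentation: it parses a running-config excerpt and lists every sticky secure MAC address saved on more than one port, together with each port's access VLAN. The sample config, interface names, MAC address and helper names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample running-config excerpt (not from the thread).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport access vlan 100
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0011.2233.4455
!
interface FastEthernet0/2
 switchport access vlan 200
 switchport port-security
 switchport port-security maximum 2
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0011.2233.4455
!
"""
STICKY_MAC = re.compile(
    r"switchport port-security mac-address sticky ((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})", re.I)

def parse_ports(config):
    """Return {interface: {vlan, enabled, maximum, sticky_macs}} (hypothetical helper)."""
    ports, cur = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            # IOS defaults: access VLAN 1, port security off, maximum 1.
            cur = ports.setdefault(line.split(None, 1)[1], {
                "vlan": 1, "enabled": False, "maximum": 1, "sticky_macs": []})
        elif cur is None or not raw.startswith(" "):
            cur = None  # "!" or a global command closes the interface stanza
        elif line.startswith("switchport access vlan "):
            cur["vlan"] = int(line.split()[3])
        elif line == "switchport port-security":
            cur["enabled"] = True
        elif line.startswith("switchport port-security maximum "):
            cur["maximum"] = int(line.split()[3])
        elif (m := STICKY_MAC.match(line)):
            cur["sticky_macs"].append(m.group(1).lower())
    return ports

def macs_on_multiple_ports(ports):
    """Map each sticky MAC saved on more than one port to its (port, vlan) list."""
    seen = defaultdict(list)
    for name, port in ports.items():
        for mac in port["sticky_macs"]:
            seen[mac].append((name, port["vlan"]))
    return {mac: locs for mac, locs in seen.items() if len(locs) > 1}
```

Entries returned by `macs_on_multiple_ports` are candidates for review after a device has been moved between ports.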

 
