Cisco Support Community
New Member

Port sticky command

I'm a little confused on the port sticky command. Would it be more likely to be used as security for only allowing some devices to connect to a network, or to just keep track of the devices that have been and currently are connected?

I've searched for a while but just keep coming up short on a basic answer.

4 REPLIES
Hall of Fame Super Blue

Re: Port sticky command

Mitchell

It is primarily a security command to allow you to limit which mac-addresses can use that port rather than simply keeping track of which devices are currently connected. If you simply wanted to see which devices were connected at any time you could just look at the mac address table on your switch, i.e.

sh mac address-table or sh mac-address-table, depending on the switch.

Jon

New Member

Re: Port sticky command

I have been playing around with the command some more and I still can't figure out what it does.

This is the setup on the switch.

Port Security              : Enabled
Port Status                : Secure-up
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1
Total MAC Addresses        : 1
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 1
Last Source Address:Vlan   : 0001.962D.BB9A:1
Security Violation Count   : 0

When I disconnect the device that is connected to port Fast/01 and connect up a different host to the same port, it won't shut the port down.

It's like it forgets the first host completely, although when I connect it up to another switch and put 2 comps on that switch it does shut down, but that's only because the maximum MAC is 1. So really the sticky command hasn't done anything.

I honestly have played with the command for a couple hours on several occasions and read every piece of material I can find. Anything you guys know I would like to know.

Hall of Fame Super Blue

Port sticky command

Mitchell

What it should do is when you enable sticky learning the mac address should be written to the running config under the interface of the port. So if you do a "sh run" after you have enabled it (and assuming there is a device connected) you should see in the running config -

int
 switchport port-security mac-address sticky

if you then disconnect the device and try to connect another it should not allow it. In addition if you then save configuration and reload the switch it should keep the entries under the port.

Basically it is a way to avoid having to manually type in which mac addresses are meant to be associated with which port.

Are you testing on real switches?

Jon
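
An added example, not part of the thread or of anyone's post: a Python check of the behaviour described in the reply above. It reads running-config and startup-config text and flags sticky MACs that were learned but never saved, and ports where sticky is set without the bare "switchport port-security" line. The sample configs and interface names are constructed assumptions.

```python
import re

# Constructed sample configs (not from the thread). Interface names are
# assumptions; the MAC is the one shown in the thread's show output.
RUNNING = """\
interface FastEthernet0/1
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0001.962d.bb9a
!
interface FastEthernet0/2
 switchport port-security maximum 1
 switchport port-security mac-address sticky
"""
STARTUP = """\
interface FastEthernet0/1
 switchport port-security
 switchport port-security mac-address sticky
"""
STICKY = re.compile(r"switchport port-security mac-address sticky(?: ([0-9a-fA-F.]+))?")

def parse(config):
    """Return {interface: {'enabled': bool, 'sticky': bool, 'macs': set}}."""
    ports, cur = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            cur = ports.setdefault(line.split(None, 1)[1],
                                   {"enabled": False, "sticky": False, "macs": set()})
        elif cur is not None and line.startswith(" "):
            cmd, m = line.strip(), STICKY.match(line.strip())
            if cmd == "switchport port-security":
                cur["enabled"] = True      # the bare command turns the feature on
            elif m and m.group(1):
                cur["macs"].add(m.group(1).lower())  # learned sticky entry
            elif m:
                cur["sticky"] = True       # sticky learning requested
        else:
            cur = None                     # "!" or a global line ends the block
    return ports

def audit(running, startup):
    """List (interface, finding) pairs for sticky ports needing attention."""
    saved, out = parse(startup), []
    for name, p in parse(running).items():
        if p["sticky"] and not p["enabled"]:
            out.append((name, "sticky set but port security not enabled"))
        for mac in sorted(p["macs"] - saved.get(name, {"macs": set()})["macs"]):
            out.append((name, "sticky MAC %s not saved; lost on reload" % mac))
    return out
```

Calling audit(RUNNING, STARTUP) on the sample reports the unsaved entry on FastEthernet0/1 and the missing enable line on FastEthernet0/2.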

New Member

Re: Port sticky command

Thanks for answering Jon.

I have found the answer. I have not been testing real equipment, which was the cause of the trouble.

I'm still just going for my CCENT lol.

Failed it twice already but I'm determined to get it!

Anyways, your hint towards are you using real equipment made me think about what the Packet Tracer program may be missing. I overlooked this one quite a bit as the host computers on Packet Tracer do not have MACs on them!!!

So many hours wasted on a simple little thing. Maybe that's why I'm failing CCENT. Blah!

Jon, I'll be back for more information on another topic soon enough, you can count on that.
