
switchport port-security mac-address sticky

Dear Expert:

I have a spare Cisco 2960 switch in my LAN. All of the ports are administratively down except for port 0/23, which is directly connected to another switchport.

My question is: I activated port security on this interface and all of the time I find 14 sticky MAC addresses on this interface. What is the reason?

Much appreciate your explanation.

Regards,


9 REPLIES

Re: switchport port-security mac-address sticky

Hi,

Most probably there are other machines connected through that switchport as well. What does this port connect to, another switch? If so, you will see many MAC addresses, probably due to broadcast propagation.

Are you checking it on the switch with disabled ports, or do you mean that you see these addresses on the other side?

Best regards,

Jan

switchport port-security mac-address sticky

Here is a good link to understand why you are seeing multiple MAC addresses on an uplink port to another switch.

http://www.ciscopress.com/articles/article.asp?p=101367

In a nutshell, each switch will learn where various MAC addresses are on an Ethernet network. As this port is an uplink (presumably a trunk) to another switch and hosts are broadcasting on other switches, this switch will see the traffic and place the sending stations' MAC addresses in its CAM (memory) table, i.e. the MAC address and the port from which it last saw the traffic.

Please do read over the Layer 2 basics above.

==========================
http://www.rConfig.com 

A free, open source network device configuration management tool, customizable to your needs!

- Always vote on an answer if you found it helpful


switchport port-security mac-address sticky

Personally I wouldn't be enabling port security on connections to other switches.

As it's connected to another switch, it's learning the MAC addresses of the hosts connected to that switch, because a switch needs to know where to forward frames based on the CAM table.

switchport port-security mac-address sticky

Of course, forgot to mention this also. Port security on trunks is a no-no.


switchport port-security mac-address sticky

OK, 1 more question:

What happens if I apply the commands below on the same interface?

  - switchport block multicast

  - switchport block unicast


switchport port-security mac-address sticky

Here is your reply:

Switch(config-if)# switchport block multicast

Blocks unknown multicast forwarding to the port.

Switch(config-if)# switchport block unicast

Blocks unknown unicast forwarding to the port.


switchport port-security mac-address sticky

If you are on a trunk, you will find multiple MAC addresses on the same.

switchport port-security mac-address sticky

OK, but what about an access port?


switchport port-security mac-address sticky

On an access port, you will get a single MAC address, as long as the same is not connecting a VM, a blade, a chassis, etc.
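
An added example (not from the thread or from Cisco): a small Python audit that applies the two points made in the replies to a saved running-config, flagging interfaces where port security sits on a trunk or where more sticky MACs were learned than a single-host access port should hold. The config excerpt, the function names and the `sticky_threshold` parameter are constructed for illustration.

```python
import re
# Constructed running-config excerpt for illustration (not from the thread).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0011.2233.4401
!
interface FastEthernet0/23
 switchport mode trunk
 switchport port-security
 switchport port-security maximum 14
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0011.2233.4410
 switchport port-security mac-address sticky 0011.2233.4411
"""
# A learned sticky entry is the sticky command followed by a dotted-hex MAC.
STICKY_MAC = re.compile(
    r"switchport port-security mac-address sticky ((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})$", re.I)

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from a running-config."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            interfaces[current] = []
        elif line.startswith(" ") and current:
            interfaces[current].append(line.strip())
        else:
            current = None  # "!" or a global command closes the block
    return interfaces

def audit_port_security(config, sticky_threshold=1):
    """Flag secured ports that are trunks or hold more sticky MACs than expected."""
    findings = {}
    for name, cmds in parse_interfaces(config).items():
        if "switchport port-security" not in cmds:
            continue  # port security is not enabled on this interface
        macs = [m.group(1) for c in cmds if (m := STICKY_MAC.match(c))]
        reasons = []
        if "switchport mode trunk" in cmds:
            reasons.append("port security on a trunk")
        if len(macs) > sticky_threshold:
            reasons.append(f"{len(macs)} sticky MACs learned")
        if reasons:
            findings[name] = reasons
    return findings

if __name__ == "__main__":
    print(audit_port_security(SAMPLE_CONFIG))
```

Raise `sticky_threshold` for access ports that legitimately carry several MACs, such as the VM host or blade chassis cases mentioned in the last reply.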
