Cisco Support Community

New Member

What does sticky command do in spanning tree protocol

What does sticky command do in spanning tree protocol?

  • LAN Switching and Routing

Hey, may you share the command which you are trying to configure? The sticky feature belongs to port-security, and it ensures that the port remembers the MAC address/machine connected to it. Adding a document for the same:

Also adding the snippet:

"You can configure an interface to convert the dynamic MAC addresses to sticky secure MAC addresses and to add them to the running configuration by enabling sticky learning. To enable sticky learning, enter the switchport port-security mac-address sticky command. When you enter this command, the interface converts all the dynamic secure MAC addresses, including those that were dynamically learned before sticky learning was enabled, to sticky secure MAC addresses.

The sticky secure MAC addresses do not automatically become part of the configuration file, which is the startup configuration used each time the switch restarts. If you save the sticky secure MAC addresses in the configuration file, when the switch restarts, the interface does not need to relearn these addresses. If you do not save the configuration, they are lost."




New Member

This discussion has been reposted from Top Contributors to the LAN, Switching and Routing community.

New Member

If you enable 'port-security mac-address sticky', the MAC address of whatever device is plugged in will remain on that port until an administrator removes it from the port or the switch is restarted. This is beneficial if you're looking for a security feature where only ONE device (phone & laptop) will be stationary and never moved.

Whatever parameters you set, for example, how many MAC addresses can be saved per port, what the violation is set to, etc., will determine how often you have to monitor this port or correct it from an err-disabled state.


My suggestion would be:


interface GigabitEthernet #/#/#
 switchport access vlan ##
 switchport mode access
 switchport voice vlan ##
 switchport port-security
 switchport port-security maximum 3
 switchport port-security maximum 2 vlan access
 switchport port-security maximum 1 vlan voice
 switchport port-security mac-address sticky
 switchport port-security violation restrict
 spanning-tree portfast



This will also void any auditor findings you may come across. Another command you can use is "errdisable recovery cause all", which will recover the port in a given amount of time from various actions that cause err-disabling.
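Added example, not part of the thread or of Cisco's documentation: the quoted snippet says sticky secure MAC addresses live in the running configuration and are lost on restart unless saved, so this Python check compares two config dumps and reports sticky addresses that are not yet in the startup configuration. The interface names, MAC addresses and both config texts are constructed sample data.

```python
import re

# Constructed sample configs (not from the thread): Gi1/0/5 learned a second
# sticky address after the last "copy running-config startup-config".
RUNNING = """\
interface GigabitEthernet1/0/5
 switchport mode access
 switchport port-security
 switchport port-security maximum 3
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0011.2233.4455 vlan access
 switchport port-security mac-address sticky 0011.2233.6677 vlan voice
 switchport port-security violation restrict
!
interface GigabitEthernet1/0/6
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 00aa.bbcc.ddee
!
"""
STARTUP = RUNNING.replace(
    " switchport port-security mac-address sticky 0011.2233.6677 vlan voice\n", "")

# Matches only lines that carry a learned address, not the bare enabling command.
STICKY = re.compile(
    r"^\s+switchport port-security mac-address sticky "
    r"([0-9a-f]{4}(?:\.[0-9a-f]{4}){2})", re.I)

def sticky_macs(config_text):
    """Map interface name -> set of sticky secure MACs configured under it."""
    result, current = {}, None
    for line in config_text.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            result.setdefault(current, set())
        elif not line.startswith(" "):
            current = None  # left the interface block ("!" or a global command)
        elif current and (m := STICKY.match(line)):
            result[current].add(m.group(1).lower())
    return result

def unsaved_sticky(running, startup):
    """Sticky MACs present in running-config but absent from startup-config."""
    run, start = sticky_macs(running), sticky_macs(startup)
    diff = {ifc: macs - start.get(ifc, set()) for ifc, macs in run.items()}
    return {ifc: macs for ifc, macs in diff.items() if macs}

if __name__ == "__main__":
    for ifc, macs in unsaved_sticky(RUNNING, STARTUP).items():
        print(f"{ifc}: lost on reload unless saved: {', '.join(sorted(macs))}")
```

An empty result means every sticky address the switch has learned will survive a reload.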
