Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Configuring port security - Securing a MAC address

Hi

Can someone please exaplain, when we enter a MAC address as a secure address to a particular interface, why can't we enter an address that is not there in the MAC address table? The address has to be in the MAC address Table if we need to configure a secure port to allow access only to that particular address (when we configure port security).

If we have to enter a MAC address, we have to let the switch first learn that address and then we can make it a secure address. But we can't just configure an address as a secure address for an interface.

Does anyone know why? I think we should be able to configure an address as a secure address, that is not in MAC address table.

Thanks in advance

2 REPLIES
New Member

Re: Configuring port security - Securing a MAC address

This is the function of the STICKY option, it allows the switch to dynamically learn the first MAC address that it sees on a port and add it to its secure mac list.

See Switchport port-security sticky

Re: Configuring port security - Securing a MAC address

Not sure what you mean you cannot configure static secured mac-address unless it's in the table. you should be able to:

2950(config-if)#do show mac-address-table dynamic int fa0/2

Mac Address Table

-------------------------------------------

Vlan Mac Address Type Ports

---- ----------- -------- -----

2950(config-if)#switchport mode access

2950(config-if)#switchport port-security

2950(config-if)#switchport port-security mac-address 0000.00000.0004

2950(config-if)#end

2950#sh run

%SYS-5-CONFIG_I: Configured from console by console int fa 0/2

Building configuration...

Current configuration : 236 bytes

!

interface FastEthernet0/2

switchport access vlan 100

switchport mode access

switchport port-security

switchport port-security mac-address 0000.0000.0004

no ip address

end

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat2950/12122ea5/2950scg/swtrafc.htm#wp1038546

334
Views
0
Helpful
2
Replies
CreatePlease to create content