From: John Matijevic (matijevi@bellsouth.net)
Date: Mon Jun 16 2003 - 19:44:05 GMT-3
Here you go:
I'll configure it under the fa0/1 interface, then you do a sh run to verify
its in the configuration file. Next, you would want to save it to the
startup configuration file, so that the switch doesnt have to relearn the
addresses.
I think you did not configure an address thats why it might have been blank.
First you have to enable with the first command below, then configure again
with mac addrss, then it should show up in your running-config.
Sincerely,
John
cat1(config-if)#switchport port-security mac-address sticky
cat1(config-if)#switchport port-security mac-address sticky 1.1.1
cat1(config-if)#exit
cat1(config)#exi
cat1#
6d05h: %SYS-5-CONFIG_I: Configured from console by console
cat1#sh run
Building configuration...
Current configuration : 2485 bytes
!
version 12.1
no service single-slot-reload-enable
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname cat1
!
!
ip subnet-zero
!
!
spanning-tree extend system-id
!
!
!
interface Port-channel1
switchport trunk encapsulation isl
switchport mode trunk
no ip address
!
interface FastEthernet0/1
switchport access vlan 101
switchport mode access
switchport port-security mac-address sticky
switchport port-security mac-address sticky 0001.0001.0001
no ip address
spanning-tree portfast
!
interface FastEthernet0/2
switchport mode access
no ip address
spanning-tree portfast
!
interface FastEthernet0/3
switchport access vlan 134
switchport mode access
no ip address
spanning-tree portfast
!
interface FastEthernet0/4
switchport access vlan 134
switchport mode access
cat1#
From: "Emad " <emad@zakq8.com>
To: "'John Matijevic'" <matijevi@bellsouth.net>
Cc: <ccielab@groupstudy.com>
Sent: Monday, June 16, 2003 2:34 PM
Subject: RE: CAT3550: switchport port-security
> Thanx a lot John , but I'm afraid I didn't catch sticky configuration
> yet,
> I put one router on fa0/4 and its mac address was learned dynamically of
> course and the configuration of that interface was:
>
> interface FastEthernet0/4
> switchport access vlan 10
> switchport port-security maximum 5
> switchport port-security mac-address sticky
> no ip address
>
> am I right in this configuration? And I don't understand the statement
> talking about that I will see the mac address in the running
> configuration , I already did sh run but I didn't see anything , please
> explain with example from your own
>
> thanx
>
> -----Original Message-----
> From: John Matijevic [mailto:matijevi@bellsouth.net]
> Sent: Monday, June 16, 2003 9:15 PM
> To: Emad ; ccielab@groupstudy.com
> Subject: Re: CAT3550: switchport port-security
>
> Hello,
> I hope this information below helps you understand as it did for me.
> Sincerely,
> Matijevic
>
> A secure port can have from 1 to 132 associated secure addresses. After
> you
> have set the maximumnumber of secure MAC addresses on a port, the secure
> addresses are included in an address table in oneof these ways:.You can
> configure all secure MAC addresses by using the switchport port-security
> mac-addressmac-address interface configuration command..You can allow
> the
> port to dynamically configure secure MAC addresses with the MAC
> addresses
> ofconnected devices..You can configure a number of addresses and allow
> the
> rest to be dynamically configured.Once the maximum number of secure MAC
> addresses is configured, they are stored in an address table.Setting a
> maximum number of addresses to one and configuring the MAC address of an
> attached deviceensures that the device has the full bandwidth of the
> port.The switch supports these types of secure MAC addresses:.Static
> secure
> MAC addresses-These are manually configured by using the
> switchportport-security mac-address mac-address interface configuration
> command, stored in the addresstable, and added to the switch running
> configuration..Dynamic secure MAC addresses-These are dynamically
> configured, stored only in the addresstable, and removed when the switch
> restarts..Sticky secure MAC addresses-These are dynamically configured,
> stored in the address table, andadded to the running configuration. If
> these
> addresses are saved in the configuration file, when theswitch restarts,
> the
> interface does not need to dynamically reconfigure them.You can
> configure an
> interface to convert the dynamic MAC addresses to sticky secure MAC
> addressesand to add them to the running configuration by enabling sticky
> learning. To enable sticky learning, enterthe switchport port-security
> mac-address sticky interface configuration command. When you enterthis
> command, the interface converts all the dynamic secure MAC addresses,
> including those that weredynamically learned before sticky learning was
> enabled, to sticky secure MAC addresses. The interfaceadds all the
> sticky
> secure MAC addresses to the running configuration.The sticky secure MAC
> addresses do not automatically become part of the configuration file,
> which
> isthe startup configuration used each time the switch restarts. If you
> save
> the sticky secure MAC addressesin the configuration file, when the
> switch
> restarts, the interface does not need to relearn these addresses.If you
> do
> not save the sticky secure addresses, they are lost
> ----- Original Message -----
> From: "Emad " <emad@zakq8.com>
> To: <ccielab@groupstudy.com>
> Sent: Monday, June 16, 2003 1:26 PM
> Subject: CAT3550: switchport port-security
>
>
> > Folks,
> > I read the DOC CD about this command switchport port-security sticky
> > but I didn't catch the idea behind this command exactly?
> > Please can anyone explain it more clear
> >
> > thanx
> >
> >
> >
> _______________________________________________________________________
> > You are subscribed to the GroupStudy.com CCIE R&S Discussion Group.
> >
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
>
> _______________________________________________________________________
> You are subscribed to the GroupStudy.com CCIE R&S Discussion Group.
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Fri Jul 04 2003 - 11:10:59 GMT-3