From: Edwards, Andrew M (andrew.m.edwards@boeing.com)
Date: Tue Mar 15 2005 - 14:39:45 GMT-3
Sundar,
It has been my experience that when you tell it to use the sticky mac
address the IOS will add the learned mac address to the config as you
stated.
However, it won't save it to the configuration unless you save the
configuration. Instead, upon reload, the switch dumps the sticky
learned address and relearns it upon reboot.
IOW, the dynamically learned sticky mac will be in the running
configuration but not the startup configuration unless you SAVE the
configuration with the dynamically learned sticky mac address (e.g. copy
run start or wr).
Here is a link and quote from DOCCD:
"The sticky secure MAC addresses do not automatically become part of the
configuration file, which is the startup configuration used each time
the switch restarts. If you save the sticky secure MAC addresses in the
configuration file, when the switch restarts, the interface does not
need to relearn these addresses. If you do not save the configuration,
they are lost."
http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12119ea1/3550scg/swtrafc.htm#1038501
HTH,
Andy
-----Original Message-----
From: Sundar Palaniappan [mailto:sundarp@gmail.com]
Sent: Tuesday, March 15, 2005 8:04 AM
To: ccielab@groupstudy.com
Subject: port-security sticky
Found the following example on CCO.
This example shows how to configure a static secure MAC address on a
port and enable sticky learning:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface fastethernet0/2
Switch(config-if)# switchport mode access
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security mac-address 0000.02000.0004
Switch(config-if)# switchport port-security mac-address sticky
I am a little confused as to why you would need "port-security sticky" and
"port security mac-address" configured under the same interface.
My understanding of 'sticky' learning is that the switch learns the
mac-address dynamically and stores the address in the mac-address-table and
running-config. If saved to config, the switch doesn't need to relearn
the address dynamically when the switch restarts next time.
By default, the maximum number of mac-addresses allowed is 1. If that's the
case, then the "switchport port-security sticky" should be good enough. Then
what is the need for a redundant static mac-address in there?
Hope someone can shed some light on this topic.
TIA,
Sundar Palaniappan
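
The running-config versus startup-config behaviour described in the reply can be checked offline before a reload. The following is an added example, not code from either poster or from Cisco: it compares two saved config texts and lists sticky secure MACs that exist only in the running copy. It assumes learned entries appear as "switchport port-security mac-address sticky <mac>" lines; the function names, sample configs and MAC addresses are constructed for illustration.

```python
import re

# Learned sticky entry as written into the config (constructed example MAC):
#   switchport port-security mac-address sticky 0011.2233.4455
STICKY_RE = re.compile(
    r"^\s+switchport port-security mac-address sticky "
    r"([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\b", re.I)
IFACE_RE = re.compile(r"^interface (\S+)", re.I)

def sticky_macs(config_text):
    """Return {interface: set of sticky MACs} parsed from config text."""
    result, iface = {}, None
    for line in config_text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            iface = m.group(1)
        elif line and not line[0].isspace():
            iface = None  # '!' or a global command ends the interface block
        elif iface and (m := STICKY_RE.match(line)):
            result.setdefault(iface, set()).add(m.group(1).lower())
    return result

def unsaved_sticky(running_text, startup_text):
    """Sticky MACs present in running-config but absent from startup-config."""
    startup = sticky_macs(startup_text)
    lost = {}
    for iface, macs in sticky_macs(running_text).items():
        missing = macs - startup.get(iface, set())
        if missing:
            lost[iface] = sorted(missing)
    return lost

# Constructed sample configs (not taken from a real switch).
RUNNING = """\
interface FastEthernet0/2
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0011.2233.4455
!
interface FastEthernet0/3
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 00aa.bbcc.ddee
!
"""
STARTUP = RUNNING.replace(
    " switchport port-security mac-address sticky 0011.2233.4455\n", "")

if __name__ == "__main__":
    print(unsaved_sticky(RUNNING, STARTUP))
```

Any interface it reports will relearn its address after a reload unless the configuration is saved first.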