RE: RE: port-security sticky

From: James Matrisciano (jmatrisciano@kenttech.com)
Date: Wed Mar 16 2005 - 10:08:56 GMT-3


As an add-on, if it is a port with an IP phone and PC, make sure you
allow three addresses to be allowed in. The phone holds two addresses
(in port, out port) and the port on the PC.

jm

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
gladston@br.ibm.com
Sent: Wednesday, March 16, 2005 7:48 AM
To: ccielab@groupstudy.com; sundarp@gmail.com
Subject: Re: RE: port-security sticky

======================
quoted
My understanding of 'sticky' learning is, the switch learns the mac-address
dynamically and stores the address in the mac-address-table and
running-config. If saved to config, the switch doesn't need to relearn
the address dynamically when the switch restarts next time.

By default, the maximum mac-address allowed is 1. If that's the case, then
the "switchport port-security sticky" should be good enough. Then what
is the need for a redundant static mac-address in there?
=========================

Yeah, the explanation on DOC CD does not help to clarify. I also tried
the books Cisco LAN Switching (CCIE Professional Development series) and
Cisco LAN Switching Fundamentals but they didn't help on this particular
topic.

My conclusion is this:

Manually entered MAC will be added to running config:
Int fa 0/3
 switchport mode access
 switchport port-security
 switchport port-security maxi 1
 switchport port-security mac sticky hhhh.hhhh.hhhh

Learned MAC will be added to running config:
Int fa 0/3
 switchport mode access
 switchport port-security
 switchport port-security maxi 1
 switchport port-security mac sticky

Manually entered MAC will be added to CAM:
Int fa 0/3
 switchport mode access
 switchport port-security
 switchport port-security maxi 1
 switchport port-security mac hhhh.hhhh.hhhh

Now, it is necessary to analyse the task.
If the task directs you to protect a known MAC (even though it is not
explicitly said it is known), then use 'switchport port-security mac ...'

If the task says the above and also that it should be saved on running,
use the above and sticky.

If the task says you should allow only the first learned MAC to be added
to running, then use 'switchport port-security mac sticky'.

Cordially
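
Added example, not part of either message in this thread: a small Python audit that reads running-config text and, per secured port, separates static secure MACs from sticky ones and flags phone ports that allow fewer than the three addresses the first reply recommends. It assumes the full-keyword form that the running-config displays (`maximum`, `mac-address`) rather than the abbreviations typed above, and it assumes a phone port is one carrying `switchport voice vlan`; the sample config and its MAC addresses are constructed.

```python
import re

# Constructed sample, written in the full-keyword form of a running-config.
SAMPLE_CONFIG = """\
interface FastEthernet0/3
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0011.2233.4455
!
interface FastEthernet0/4
 switchport mode access
 switchport voice vlan 20
 switchport port-security
 switchport port-security mac-address 0011.2233.4466
!
interface FastEthernet0/5
 switchport mode access
 switchport voice vlan 20
 switchport port-security
 switchport port-security maximum 3
"""

MAC = r"([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})"

def audit(config):
    """Return {interface: summary} for every port with port-security enabled."""
    ports, cur = {}, None
    for raw in config.splitlines():
        line = raw.strip().lower()
        if raw.lower().startswith("interface "):
            cur = ports.setdefault(raw.split(None, 1)[1].strip(), {
                "enabled": False, "maximum": 1, "sticky_learning": False,
                "static": [], "sticky": [], "voice": False, "findings": []})
        elif not raw.startswith(" "):
            cur = None  # any other unindented line ends the interface block
        elif cur is not None:
            if line == "switchport port-security":
                cur["enabled"] = True
            elif line == "switchport port-security mac-address sticky":
                cur["sticky_learning"] = True
            elif m := re.fullmatch(r"switchport port-security maximum (\d+)", line):
                cur["maximum"] = int(m.group(1))
            elif m := re.fullmatch(r"switchport port-security mac-address (sticky )?" + MAC, line):
                cur["sticky" if m.group(1) else "static"].append(m.group(2))
            elif line.startswith("switchport voice vlan "):
                cur["voice"] = True  # assumption: voice VLAN marks a phone port
    for p in ports.values():
        if p["enabled"] and p["voice"] and p["maximum"] < 3:
            p["findings"].append("phone port allows fewer than 3 addresses")
    return {name: p for name, p in ports.items() if p["enabled"]}
```
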



This archive was generated by hypermail 2.1.4 : Sun Apr 03 2005 - 17:56:46 GMT-3