RE: Port Security Questions

From: Kulcsár
Date: Thu Nov 02 2006 - 12:00:23 ART

• Next message: Edouard Zorrilla: "Re: Port Security Questions"
• Previous message: Scott Morris: "RE: CCIE #17142"
• Maybe in reply to: Jay Hanke: "Port Security Questions"
• Next in thread: Edouard Zorrilla: "Re: Port Security Questions"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hello Jay,

I do not know what software you are using but with 12.2(25)SEC2 it works:

Rack1SW1(config)#int fas0/4
Rack1SW1(config-if)#sw
Rack1SW1(config-if)#switchport po
Rack1SW1(config-if)#switchport port-security
Command rejected: FastEthernet0/4 is a dynamic port.
Rack1SW1(config-if)#sw
Rack1SW1(config-if)#switchport mo
Rack1SW1(config-if)#switchport mode a
Rack1SW1(config-if)#switchport mode access
Rack1SW1(config-if)#switchport port-security
Rack1SW1(config-if)#switchport port-security mac
Rack1SW1(config-if)#switchport port-security mac-address ?
  H.H.H 48 bit mac address
  sticky Configure dynamic secure addresses as sticky
  <cr>

Rack1SW1(config-if)#switchport port-security mac-address 1.1.1
Rack1SW1(config-if)#end
Rack1SW1#sh run int fa
07:14:52: %SYS-5-CONFIG_I: Configured from console by consoles0/4
Building configuration...

Current configuration : 136 bytes
!
interface FastEthernet0/4
 switchport mode access
 switchport port-security
 switchport port-security mac-address 0001.0001.0001

I think sticky addresses are just a convenient way to configure port security so you do not have to configure them manually.

Regards,
Andras

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Jay Hanke
Sent: Thursday, November 02, 2006 3:27 PM
To: ccielab@groupstudy.com
Subject: Port Security Questions

When I set up a static secure mac-address on a 3550 the configuration doesn't show up under the running config but under doing a show mac- the addresses show up correctly as static and survive rebooting the switch.

Where do the static secure addresses save on the switch?

I also ran across a Cisco doc that says:

You can configure MAC addresses to be sticky. These can be dynamically learned or manually configured, stored in the address table, and added to the running configuration. After these addresses are saved in the configuration file, the interface does not need to dynamically relearn them when the switch restarts. Although you can manually configure sticky secure addresses, this action is not recommended.

From:

http://cio.cisco.com/univercd/cc/td/doc/product/lan/cat4000/12_2_31s/con
f/port_sec.htm#wp1139579

Is the reason the author is recommending not manually configuring sticky addresses that they can be seen in the running config or something deeper?

Jay

• Next message: Edouard Zorrilla: "Re: Port Security Questions"
• Previous message: Scott Morris: "RE: CCIE #17142"
• Maybe in reply to: Jay Hanke: "Port Security Questions"
• Next in thread: Edouard Zorrilla: "Re: Port Security Questions"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Dec 01 2006 - 08:05:44 ART