RE: Port Security Questions

From: Jay Hanke (Jay.Hanke@midwestwireless.com)
Date: Thu Nov 02 2006 - 12:23:58 ART


Here is the config immediately after a switch reload:

!
interface FastEthernet0/1
 switchport access vlan 2
 switchport mode access
 switchport nonegotiate
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0001.9663.bf80
 no ip address
 no cdp enable
!
interface FastEthernet0/2
 switchport access vlan 2
 switchport mode access
 switchport port-security
 no ip address
 no cdp enable
!

Port security on both ports is working. Fa0/1 is sticky and Fa0/2 is
static. Notice there is no "static" configuration on fa0/2 showing in
the display.

Here is a snippet from sho mac-address-table

   2 0001.9663.bf80 STATIC Fa0/1
   2 0004.c05d.9cc0 STATIC Fa0/2

jay

-----Original Message-----
From: Edouard Zorrilla [mailto:ezorrilla@tsf.com.pe]
Sent: Thursday, November 02, 2006 9:17 AM
To: Jay Hanke; ccielab@groupstudy.com
Subject: Re: Port Security Questions

Jay, could you please post the running config for the interface in
question? I haven't tried to manually configure a sticky MAC address,
but I guess it should show up in the running config. Let me try it out
in my rack and I will let you know,

Regards

----- Original Message -----
From: "Jay Hanke" <Jay.Hanke@midwestwireless.com>
To: <ccielab@groupstudy.com>
Sent: Thursday, November 02, 2006 9:26 AM
Subject: Port Security Questions

> When I set up a static secure mac-address on a 3550 the configuration
> doesn't show up under the running config but under doing a show mac-
> the addresses show up correctly as static and survive rebooting the
> switch.
>
> Where do the static secure addresses save on the switch?
>
> I also ran across a Cisco doc that says:
>
> You can configure MAC addresses to be sticky. These can be dynamically
> learned or manually configured, stored in the address table, and added
> to the running configuration. After these addresses are saved in the
> configuration file, the interface does not need to dynamically relearn
> them when the switch restarts. Although you can manually configure
> sticky secure addresses, this action is not recommended.
>
> From:
>
>
> http://cio.cisco.com/univercd/cc/td/doc/product/lan/cat4000/12_2_31s/conf/port_sec.htm#wp1139579
>
> Is the reason the author is recommending not manually configuring
> sticky addresses that they can be seen in the running config or
> something deeper?
>
>
> Jay
>
>
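
An audit check for the situation in this thread, added here as an example and not posted by anyone on the list: it reports MAC table entries on port-security ports that have no matching `switchport port-security mac-address` line in the config. The function names are illustrative, and the sample input is the config (abridged) and table lines from the post above.

```python
import re

# Sample input copied from the post above (config lines irrelevant to the check omitted).
RUNNING_CONFIG = """\
interface FastEthernet0/1
 switchport access vlan 2
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0001.9663.bf80
!
interface FastEthernet0/2
 switchport access vlan 2
 switchport mode access
 switchport port-security
!
"""
MAC_TABLE = """\
   2 0001.9663.bf80 STATIC Fa0/1
   2 0004.c05d.9cc0 STATIC Fa0/2
"""
MAC = r"[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}"

def short_name(ifname):
    """FastEthernet0/1 -> Fa0/1, the form used in the MAC table output."""
    m = re.match(r"([A-Za-z]{2})[A-Za-z]*(\d.*)", ifname)
    return m.group(1) + m.group(2)

def parse_config(text):
    """Map short interface name -> {'enabled': bool, 'macs': MACs pinned in config}."""
    ports, cur = {}, None
    for line in text.splitlines():
        if line.startswith("interface "):
            cur = ports.setdefault(short_name(line.split()[1]),
                                   {"enabled": False, "macs": set()})
        elif cur is not None and line.strip() == "switchport port-security":
            cur["enabled"] = True
        elif cur is not None:
            m = re.match(rf"\s+switchport port-security mac-address (?:sticky )?({MAC})", line)
            if m:
                cur["macs"].add(m.group(1).lower())
    return ports

def unpinned(config_text, table_text):
    """(port, mac) pairs seen in the MAC table but absent from the config."""
    ports = parse_config(config_text)
    rows = (l.split() for l in table_text.splitlines() if l.strip())
    return [(port, mac.lower()) for _vlan, mac, _kind, port in rows
            if ports.get(port, {}).get("enabled") and mac.lower() not in ports[port]["macs"]]
```
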



This archive was generated by hypermail 2.1.4 : Fri Dec 01 2006 - 08:05:44 ART