From: Paul Cosgrove (paul.cosgrove@heanet.ie)
Date: Wed Jan 02 2008 - 15:44:24 ARST
Hi Scott,
Addresses defined either way appear in the running config of my 3560
(12.2-25 SED1). Looks like the only difference may be that sticky
addresses can also be automatically learned:
Switch1(config-if)#do sh run int fa0/8
Building configuration...

Current configuration : 492 bytes
!
interface FastEthernet0/8
 switchport access vlan 26
 switchport trunk encapsulation dot1q
 switchport mode access
 switchport port-security maximum 4
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0000.abcd.abcd
 switchport port-security mac-address 0015.2bc4.2f23
 switchport port-security mac-address 0015.2bc4.2fde
 switchport port-security mac-address sticky 0015.2bc4.abbb
end

Switch1(config-if)#do sh port-security int fa0/8 addr
          Secure Mac Address Table
------------------------------------------------------------------------
Vlan    Mac Address       Type                Ports   Remaining Age
                                                         (mins)
----    -----------       ----                -----   -------------
  26    0000.abcd.abcd    SecureSticky        Fa0/8        -
  26    0015.2bc4.2f23    SecureConfigured    Fa0/8        -
  26    0015.2bc4.2fde    SecureConfigured    Fa0/8        -
  26    0015.2bc4.abbb    SecureSticky        Fa0/8        -
------------------------------------------------------------------------
Total Addresses: 4
Switch1(config-if)#

Regards,
Paul.
Scott Morris wrote:
> The "switchport port-security mac-address" command only enters the MAC in
> the RUNNING table (e.g. nothing in "show run"). If you want it to survive
> reboot and show up in your config, you have to use sticky. Sticky will work
> for both static AND dynamic entries.
>
> Look at "show run" versus "show port-security". :)
>
> HTH,
>
>
> Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713, JNCIE-M
> #153, JNCIS-ER, CISSP, et al.
> CCSI/JNCI-M/JNCI-ER
> VP - Technical Training - IPexpert, Inc.
> IPexpert Sr. Technical Instructor
>
> A Cisco Learning Partner - We Accept Learning Credits!
>
> smorris@ipexpert.com
>
>
>
> Telephone: +1.810.326.1444
> Fax: +1.810.454.0130
> http://www.ipexpert.com
>
>
>
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Chan
> Hong
> Sent: Wednesday, January 02, 2008 11:03 AM
> To: Eric Phillips; ccielab@groupstudy.com
> Subject: Re: Port-security mac-address vs. mac-address sticky?
>
> I saw something similar in IPExpert lab. Please someone explain or post some
> reference link, thanks.
>
>
> ----- Original Message ----
> From: Eric Phillips <eric@phillips.tc>
> To: ccielab@groupstudy.com
> Sent: Wednesday, January 2, 2008 8:24:22 PM
> Subject: Port-security mac-address vs. mac-address sticky?
>
> Hey all,
>
> I understand that with port-security the sticky command allows the switch to
> dynamically learn MAC addresses and save them to the running config as
> "switchport port-security mac-address sticky 0000.000c.0001" as an example.
> What I was curious about, though, is that in all the books and CBTs I have
> seen, the author/instructor always manually enters MAC addresses using the
> sticky command, not just "switchport port-security mac-address 0000.000c.0001."
>
> If you are manually configuring the MAC addresses for port-security, is there
> any difference between:
> switchport port-security mac-address 0000.000c.0001 and
> switchport port-security mac-address sticky 0000.000c.0001?
>
> In my testing I do not seem to see any difference, so I am curious if anyone
> knows of a difference, or are they the same if you are manually configuring
> the MAC addresses?
>
> Thanks,
>
> Eric
>
> --
> Eric M. Phillips
> Senior Network Consultant
>
> LTI Information Technology http://www.ltiit.com
> 501 Avis Drive
> Ann Arbor, MI 48108
>
> Phone: (734) 929-1400 Fax: (734) 929-1401
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
--
Paul Cosgrove
HEAnet Limited, Ireland's Education and Research Network
1st Floor, 5 George's Dock, IFSC, Dublin 1
Registered in Ireland, no 275301
tel: +353-1-660 9040 fax: +353-1-660 3666
web: http://www.heanet.ie/
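
An added example, not part of the original messages: a Python cross-check of the "show run" interface block against the "show port-security ... address" table in Paul's output above, so that a secure address present only in the table (for example a SecureDynamic entry, which IOS does not write to the running config) stands out. The function names are hypothetical, and the sample input is constructed from the output in the message.

```python
import re

# Constructed sample input: the interface block and secure-address table
# from the message above, embedded so the script runs offline.
RUNNING_CONFIG = """\
interface FastEthernet0/8
 switchport access vlan 26
 switchport mode access
 switchport port-security maximum 4
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0000.abcd.abcd
 switchport port-security mac-address 0015.2bc4.2f23
 switchport port-security mac-address 0015.2bc4.2fde
 switchport port-security mac-address sticky 0015.2bc4.abbb
"""
SECURE_TABLE = """\
  26    0000.abcd.abcd    SecureSticky        Fa0/8        -
  26    0015.2bc4.2f23    SecureConfigured    Fa0/8        -
  26    0015.2bc4.2fde    SecureConfigured    Fa0/8        -
  26    0015.2bc4.abbb    SecureSticky        Fa0/8        -
"""

MAC = r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}"
CFG_RE = re.compile(rf"^\s*switchport port-security mac-address (sticky )?({MAC})\s*$", re.I | re.M)
TBL_RE = re.compile(rf"^\s*\d+\s+({MAC})\s+(Secure\w+)\s+\S+", re.I | re.M)

def config_entries(config):
    """Map each MAC in the running config to the table type it should have."""
    return {mac.lower(): "SecureSticky" if sticky else "SecureConfigured"
            for sticky, mac in CFG_RE.findall(config)}

def table_entries(table):
    return {mac.lower(): kind for mac, kind in TBL_RE.findall(table)}

def audit(config, table):
    cfg, tbl = config_entries(config), table_entries(table)
    findings = []
    for mac, kind in sorted(tbl.items()):
        if mac not in cfg:
            findings.append((mac, f"{kind} in table but absent from running config"))
        elif cfg[mac] != kind:
            findings.append((mac, f"config implies {cfg[mac]}, table shows {kind}"))
    for mac in sorted(set(cfg) - set(tbl)):
        findings.append((mac, "in running config but not in secure table"))
    return findings

if __name__ == "__main__":
    print(audit(RUNNING_CONFIG, SECURE_TABLE) or "config and table agree")
```
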
This archive was generated by hypermail 2.1.4 : Fri Feb 01 2008 - 10:37:57 ARST