RE:

From: paulc@heanet.ie
Date: Wed Jan 02 2008 - 20:52:18 ARST

• Next message: Eric Phillips: "Re: Re¡G Port-security mac-ad"
• Previous message: Jorge Martinez: "Re: How to speed up Inverse-ARP"
• Next in thread: cindy tanner: "RE:"
• Maybe reply: cindy tanner: "RE:"
• Maybe reply: Santi: "RE:"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Must be that the behaviour has changed as the static definitions still
appear in the show run using 12.2(25)SED1 without using 'sticky':

Switch1(config)#default interface fa0/8
Interface FastEthernet0/8 set to default configuration
Switch1(config)#int fa0/8
Switch1(config-if)#swi mode acc
Switch1(config-if)#swi acc vlan 26
Switch1(config-if)#swi port-sec max 4
Switch1(config-if)#swi port-security mac-address 0000.aaaa.aaaa
Switch1(config-if)#swi port-security mac-address 0000.bbbb.bbbb
Switch1(config-if)#swi port-security
Switch1(config-if)#do sh run int fa0/8
Building configuration...

Current configuration : 252 bytes
!
interface FastEthernet0/8
 switchport access vlan 26
 switchport mode access
 switchport port-security maximum 4
 switchport port-security
 switchport port-security mac-address 0000.aaaa.aaaa
 switchport port-security mac-address 0000.bbbb.bbbb
end

Paul.

> Right, but if you start out WITHOUT the sticky command, they will not
> appear
> in "sh run".
>
> HTH,
>
>
> Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713,
> JNCIE-M
> #153, JNCIS-ER, CISSP, et al.
> CCSI/JNCI-M/JNCI-ER
> VP - Technical Training - IPexpert, Inc.
> IPexpert Sr. Technical Instructor
>
> A Cisco Learning Partner - We Accept Learning Credits!
>
> smorris@ipexpert.com
>
>
>
> Telephone: +1.810.326.1444
> Fax: +1.810.454.0130
> http://www.ipexpert.com
>
>
>
>
>
> -----Original Message-----
> From: Paul Cosgrove [mailto:paul.cosgrove@heanet.ie]
> Sent: Wednesday, January 02, 2008 12:44 PM
> To: Scott Morris
> Cc: 'Chan Hong'; 'Eric Phillips'; ccielab@groupstudy.com
> Subject: Re: Re!G Port-security mac-address vs. mac-address sticky?
>
> Hi Scott,
>
> Addresses defined either way appear in the running config of my 3560
> (12.2-25 SED1). Looks like the only difference may be that sticky
> addresses
> can also be automatically learned:
>
> Switch1(config-if)#do sh run int fa0/8
> Building configuration...
>
> Current configuration : 492 bytes
> !
> interface FastEthernet0/8
> switchport access vlan 26
> switchport trunk encapsulation dot1q
> switchport mode access
> switchport port-security maximum 4
> switchport port-security
> switchport port-security mac-address sticky switchport port-security
> mac-address sticky 0000.abcd.abcd switchport port-security mac-address
> 0015.2bc4.2f23 switchport port-security mac-address 0015.2bc4.2fde
> switchport port-security mac-address sticky 0015.2bc4.abbb end
>
> Switch1(config-if)#do sh port-security int fa0/8 addr
> Secure Mac Address Table
> ------------------------------------------------------------------------
> Vlan Mac Address Type Ports Remaining Age
> (mins)
> ---- ----------- ---- ----- -------------
> 26 0000.abcd.abcd SecureSticky Fa0/8 -
> 26 0015.2bc4.2f23 SecureConfigured Fa0/8 -
> 26 0015.2bc4.2fde SecureConfigured Fa0/8 -
> 26 0015.2bc4.abbb SecureSticky Fa0/8 -
> ------------------------------------------------------------------------
> Total Addresses: 4
>
> Switch1(config-if)#
>
>
> Regards,
>
> Paul.
>
>
> Scott Morris wrote:
>> The "switchport port-security mac-address" command only enters the MAC
>> in the RUNNING table (e.g. nothing in "show run"). if you want it to
>> survive reboot and show up in your config, you have to use sticky.
>> Sticky will work for both static AND dynamic entries.
>>
>> Look at "show run" versus "show port-security". :)
>>
>> HTH,
>>
>>
>> Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713,
>> JNCIE-M #153, JNCIS-ER, CISSP, et al.
>> CCSI/JNCI-M/JNCI-ER
>> VP - Technical Training - IPexpert, Inc.
>> IPexpert Sr. Technical Instructor
>>
>> A Cisco Learning Partner - We Accept Learning Credits!
>>
>> smorris@ipexpert.com
>>
>>
>>
>> Telephone: +1.810.326.1444
>> Fax: +1.810.454.0130
>> http://www.ipexpert.com
>>
>>
>>
>>
>>
>> -----Original Message-----
>> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
>> Of Chan Hong
>> Sent: Wednesday, January 02, 2008 11:03 AM
>> To: Eric Phillips; ccielab@groupstudy.com
>> Subject: Re!G Port-security mac-address vs. mac-address sticky?
>>
>> I saw something similar in IPExpert lab. Please someone explain or
>> post some reference link, thanks.
>>
>>
>> ----- 6l%s-l%s ----
>> 1H%s$H!R Eric Phillips
>> <eric@phillips.tc>
>> &,%s$H ccielab@groupstudy.com
>> 6G0e$i4A!R 2008 &~ 1$k 2 $i
>> ,P4A$T $U$H 8:24:22
>> %DCD!G Port-security mac-address vs. mac-address sticky?
>> Hey all,
>>
>> I understand that with port-security the sticky command allows the
>> switch to dynamically learn MAC addresses and save them to the running
>> config as "switchport port-security mac-address sticky 0000.000c.0001"
>> as
> an example.
>> What I was curious though is in all the books and CBTs I have seen,
>> the author/instructor always manually enters MAC addresses using the
>> sticky command, not just "switchport port-security mac-address
> 0000.000c.0001."
>>
>> If
>> you are manually configuring the MAC addresses for port-security, is
>> there any difference between:
>> switchport port-security mac-address 0000.000c.0001 and
>> switchport port-security mac-address sticky 0000.000c.0001?
>>
>> In my testing I
>> do not seem to see any difference, so I am curious if anyone knows of
>> a difference, or are they the same if you are manually configuring the
>> MAC addresses?
>>
>> Thanks,
>>
>> Eric
>>
>> --
>> Eric M. Phillips
>> Senior Network Consultant
>>
>> LTI Information Technology http://www.ltiit.com
>> 501 Avis Drive
>> Ann Arbor, MI 48108
>>
>> Phone: (734) 929-1400 Fax: (734)
>> 929-1401
>> ______________________________________________________________________
>> _ Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>
>>
>> 9oYahoo! Mail
>> &3%t&s7N(#)N+XD3!A=P+e)9http://help.yahoo.com/fast/help/hkc/mail/cgi_f
>> eedbac
>> k
>> Ap58'Z-L
>>
>> ______________________________________________________________________
>> _ Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>
>> ______________________________________________________________________
>> _ Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>
>>
>
>
> --
> Paul Cosgrove
> HEAnet Limited, Ireland's Education and Research Network 1st Floor, 5
> George's Dock, IFSC, Dublin 1 Registered in Ireland, no 275301
> tel: +353-1-660 9040 fax: +353-1-660 3666
> web: http://www.heanet.ie/
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Eric Phillips: "Re: Re¡G Port-security mac-ad"
• Previous message: Jorge Martinez: "Re: How to speed up Inverse-ARP"
• Next in thread: cindy tanner: "RE:"
• Maybe reply: cindy tanner: "RE:"
• Maybe reply: Santi: "RE:"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Feb 01 2008 - 10:37:57 ARST