Re: Clarification on the Secure Addresses

From: Godswill Oletu (oletu@inbox.lv)
Date: Sun Jun 08 2008 - 13:52:07 ART

• Next message: L Pham: "Re: unknown protocol drops"
• Previous message: Paul Cosgrove: "Re: Custom Queueing and Byte Count Net Work Books Volume 5 Lab"
• Maybe in reply to: Suryakant P: "Clarification on the Secure Addresses"
• Next in thread: adedayo ademuyiwa: "Re: Clarification on the Secure Addresses"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

When you add the 'sticky' keyword, you are essentially leaving the control
to the Switch and asking the switch to secure the first mac-address it
detects on that port.

There is no need to go further and append a mac-address to the sticky
command; once the switch registers a mac-address on that port, it is going
to create another command for you just like.....

'switchport port-security mac-address sticky 0000.0000.0000'

If this is a trunk port, and you increase the maximum secured mac-addresses
on that port from the default of 1 to n, the switch will address all the
ports that it discovered including their vlans to your configure:

e.g. configure

1
int fa0/1
 switchport port-security
 switchport port-security maximum 3
 switchport port-security mac-address sticky
!

If all three mac-addresses come online and are detected by the switch, the
next time you do 'show run' you will see soomething like this in your
config:
!
int fa0/1
switchport port-security
 switchport port-security maximum 10
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0000.0000.0000
 switchport port-security mac-address sticky 0000.0000.0000 vlan 1
 switchport port-security mac-address sticky 0000.0000.0000 vlan 2
!

You can see that, it is different from:

switchport port-security mac-address 0000.0000.0002

Because, here you want to manually control the secured mac address.

HTH

Godswill Oletu
CCIE #16464 (R&S)

----- Original Message -----
From: "Suryakant P" <suryakant.pandian@gmail.com>
To: "ccie forum" <ccielab@groupstudy.com>
Sent: Sunday, June 08, 2008 11:51 AM
Subject: Clarification on the Secure Addresses

> Hi All,
>
> Is there any difference in what the following two commands acheive on a
> secure port or both are diffrerent approaches yielding same result.
>
> Switch(config-if)#* switchport port-security mac-address sticky*
>
> Switch(config-if)#* switchport port-security mac-address sticky
> 0000.0000.0002*
>
> *or*
>
> Switch(config-if)# *switchport port-security mac-address 0000.0000.0002*
>
> **
>
> In my understanding,both commands add the specified address to the
> mac-table and running configuration ?Am I right or missing something
> here?
>
>
>
> Thanks
>
> With regards
>
> Suryakant
>
>
>
> **
>
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: L Pham: "Re: unknown protocol drops"
• Previous message: Paul Cosgrove: "Re: Custom Queueing and Byte Count Net Work Books Volume 5 Lab"
• Maybe in reply to: Suryakant P: "Clarification on the Secure Addresses"
• Next in thread: adedayo ademuyiwa: "Re: Clarification on the Secure Addresses"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue Jul 01 2008 - 06:23:21 ART