Re: Clarification on the Secure Addresses

From: Suryakant P (suryakant.pandian@gmail.com)
Date: Tue Jun 10 2008 - 09:39:23 ART

• Next message: Joseph Brunner: "RE: CCIE# 21108"
• Previous message: Ibrahim kabir: "RE: CCIE# 21108"
• Maybe in reply to: Suryakant P: "Clarification on the Secure Addresses"
• Next in thread: Godswill Oletu: "Re: Clarification on the Secure Addresses"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi Godswill,

Thanks for the clarification.I was trying to simulate the
information conveyed in the statement made in univercd.

*Sticky *secure MAC addresses*These can be dynamically learned or manually
configured, stored in the address table*, and added to the running
configuration. If these addresses are saved in the configuration file, when
the switch restarts, the interface does not need to dynamically reconfigure
them.

Do you feel ,the two scenarios mentioned by me exactly simulate the above
statement ?

Thanks
With regards
Suryakant

On 6/8/08, Godswill Oletu <oletu@inbox.lv> wrote:
>
> When you add the 'sticky' keyword, you are essentially leaving the control
> to the Switch and asking the switch to secure the first mac-address it
> detects on that port.
>
> There is no need to go further and append a mac-address to the sticky
> command; once the switch registers a mac-address on that port, it is going
> to create another command for you just like.....
>
> 'switchport port-security mac-address sticky 0000.0000.0000'
>
> If this is a trunk port, and you increase the maximum secured mac-addresses
> on that port from the default of 1 to n, the switch will address all the
> ports that it discovered including their vlans to your configure:
>
> e.g. configure
>
> 1
> int fa0/1
> switchport port-security
> switchport port-security maximum 3
> switchport port-security mac-address sticky
> !
>
> If all three mac-addresses come online and are detected by the switch, the
> next time you do 'show run' you will see soomething like this in your
> config:
> !
> int fa0/1
> switchport port-security
> switchport port-security maximum 10
> switchport port-security mac-address sticky
> switchport port-security mac-address sticky 0000.0000.0000
> switchport port-security mac-address sticky 0000.0000.0000 vlan 1
> switchport port-security mac-address sticky 0000.0000.0000 vlan 2
> !
>
> You can see that, it is different from:
>
> switchport port-security mac-address 0000.0000.0002
>
> Because, here you want to manually control the secured mac address.
>
> HTH
>
> Godswill Oletu
> CCIE #16464 (R&S)
>
>
> ----- Original Message ----- From: "Suryakant P" <
> suryakant.pandian@gmail.com>
> To: "ccie forum" <ccielab@groupstudy.com>
> Sent: Sunday, June 08, 2008 11:51 AM
> Subject: Clarification on the Secure Addresses
>
>
> Hi All,
>>
>> Is there any difference in what the following two commands acheive on a
>> secure port or both are diffrerent approaches yielding same result.
>>
>> Switch(config-if)#* switchport port-security mac-address sticky*
>>
>> Switch(config-if)#* switchport port-security mac-address sticky
>> 0000.0000.0002*
>>
>> *or*
>>
>> Switch(config-if)# *switchport port-security mac-address 0000.0000.0002*
>>
>> **
>>
>> In my understanding,both commands add the specified address to the
>> mac-table and running configuration ?Am I right or missing something
>> here?
>>
>>
>>
>> Thanks
>>
>> With regards
>>
>> Suryakant
>>
>>
>>
>> **
>>
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html

• Next message: Joseph Brunner: "RE: CCIE# 21108"
• Previous message: Ibrahim kabir: "RE: CCIE# 21108"
• Maybe in reply to: Suryakant P: "Clarification on the Secure Addresses"
• Next in thread: Godswill Oletu: "Re: Clarification on the Secure Addresses"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue Jul 01 2008 - 06:23:21 ART