RE: manual sticky mac address from abderrahim sadki on 2009-09-25 (Ccielab archives 09/2009)

From: abderrahim sadki <a_sadki1_at_hotmail.com>
Date: Fri, 25 Sep 2009 10:20:25 +0000

what I dont understand is this:
manual addresses are in the configuration so even after restart they will be
secured. so why would I wanna make them sticky as well.

Abderrahim

Date: Fri, 25 Sep 2009 12:11:20 +0200
Subject: Re: manual sticky mac address
From: rmur_at_ipexpert.com
To: jastorino_at_ipexpert.com
CC: iwan_at_ipexpert.com; a_sadki1_at_hotmail.com; ccielab_at_groupstudy.com

I assume you refer to the sticky feature with Port Security.The difference
with dynamic MAC learning and the sticky configuration is that sticky
automa(t)(g)ically adds the MAC address to the running configuration. Please
notice that Running part, as it's not automatically added to the startup
config, so you manually have to do a copy run start or write to save it.

The dynamically learned MAC addresses are always lost after a reboot so the
first PC to connect to that port again has access. With the sticky feature you
have much more control about which PC may be connected to that port and that
information is saved after a reboot and it makes troubleshooting a lot easier
as you can search through your config, instead of using all kinds of show
commands, but you still need to issue that Write every time to be sure the
sticky addresses are saved after a reboot of course.

--
Regards,
Rick Mur
CCIE2 #21946 (R&S / Service Provider)
Sr. Support Engineer  IPexpert, Inc.
URL: http://www.IPexpert.com
On Fri, Sep 25, 2009 at 11:37 AM, Joe Astorino <jastorino_at_ipexpert.com>
wrote:
The interesting thing is that at least on my 3560 here when you do
"switchport port-security mac-address sticky" it automagically adds a line
for "switchport port-security mac-address sticky <LEARNED-MAC>"
On Fri, Sep 25, 2009 at 5:23 AM, Iwan Hoogendoorn <iwan_at_ipexpert.com> wrote:
> It means that they are hard defined in the configuration ...
> See it like DHCP and statically assign an IP address based on the MAC
> -address...
>
> --
> Regards,
>
> Iwan Hoogendoorn
> CCIE #13084 (R&S / Security / SP)
> Sr. Support Engineer   IPexpert, Inc.
> URL: http://www.IPexpert.com
>
> On Fri, Sep 25, 2009 at 9:39 AM, abderrahim sadki <a_sadki1_at_hotmail.com>
> wrote:
> > Hi,
> >
> > Id like to know what is the point of having sticky manually entered mac
> > addresses as they are part of the configuration anyway.
> >
> > Thanks,
> > Abderrahim
> >
> > _________________________________________________________________
> > Show them the way! Add maps and directions to your party invites.
> > http://www.microsoft.com/windows/windowslive/products/events.aspx
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
>
--
Regards,
Joe Astorino - CCIE #24347 R&S
Technical Instructor - IPexpert, Inc.
Cell: +1.586.212.6107
Fax: +1.810.454.0130
Mailto:  jastorino_at_ipexpert.com
Blogs and organic groups at http://www.ccie.net

Received on Fri Sep 25 2009 - 10:20:25 ART

This archive was generated by hypermail 2.2.0 : Sun Oct 04 2009 - 07:42:04 ART