In this case there is no difference between "switchport port-security
mac-address <MAC>" and "switchport port-security mac-address sticky
<MAC>" IMO.
I don't have a switch in front of me now, but as far as I remember
after enabling sticky all dynamically learned MAC addresses will be
converted to sticky secure and added to the running configuration.
It can be a matter of command order, as you cannot enter a sticky MAC
address without entering the "port-security mac-address sticky" command
first.
--
Piotr Matusiak
CCIE #19860 (R&S, SEC)

2009/9/25 abderrahim sadki <a_sadki1_at_hotmail.com>:
> Hi,
>
> Thank you! This is exactly what I was referring to..but one last question,
> with the scenario you gave can't I use this configuration as well?
> switchport port-security mac-address 0001.0002.0003
> switchport port-security mac-address sticky
> switchport port-security mac-address
> port-security maximum 2
>
>> Date: Fri, 25 Sep 2009 13:18:28 +0200
>> Subject: Re: manual sticky mac address
>> From: piotr_at_ccie1.com
>> To: a_sadki1_at_hotmail.com
>> CC: ccielab_at_groupstudy.com
>>
>> Hi Abderrahim,
>>
>> First, I suppose you're still thinking about Port Security and command
>> "port-security mac-address sticky <MAC>". Just to be on the same page.
>>
>> If so, you have the following options:
>>
>> 1. Issue command "port-security mac-address sticky" and hit enter -
>> this will dynamically add all MAC addresses which will appear on the
>> interface to the running configuration, so you don't need to configure
>> them manually.
>>
>> 2. Issue command "port-security mac-address sticky <MAC>" and hit
>> enter - this will add the specified MAC address to your running
>> configuration, so you don't need to wait for any MAC to appear on the
>> interface.
>>
>> 3. Issue command "port-security mac-address <MAC>" - this is to add
>> MAC address manually to the configuration.
>>
>> 4. The switch can learn MAC addresses dynamically - normal operation
>> without port security.
>>
>> The main difference between those three commands is the learning
>> method. If you want to do everything manually you use "port-security
>> mac-address". If dynamically, you use "sticky" option.
>>
>> Real life example: you want to configure port security for a port
>> where usually one workstation is connected to (MAC 0001.0002.00003)
>> and occasionally someone connects there with a laptop (and you don't
>> know what is the MAC address of it).
>>
>> switchport port-security mac-address sticky 0001.0002.0003
>> switchport port-security mac-address sticky
>> switchport port-security mac-address
>> switchport port-security maximum 2
>>
>> This will allow instant access for user's workstation and will allow
>> one "different" MAC address to be connected to the port.
>>
>> Note that it is not possible to be done using simple "port-security
>> mac-address <MAC>" as you don't know what the second MAC will be.
>>
>> HTH,
>>
>> --
>> Piotr Matusiak
>> CCIE #19860 (R&S, SEC)
>>
>> 2009/9/25 abderrahim sadki <a_sadki1_at_hotmail.com>:
>> > what I don't understand is this:
>> > manual addresses are in the configuration so even after restart they will be
>> > secured. so why would I wanna make them sticky as well.
>> >
>> > Abderrahim
>> >
>> > Date: Fri, 25 Sep 2009 12:11:20 +0200
>> > Subject: Re: manual sticky mac address
>> > From: rmur_at_ipexpert.com
>> > To: jastorino_at_ipexpert.com
>> > CC: iwan_at_ipexpert.com; a_sadki1_at_hotmail.com; ccielab_at_groupstudy.com
>> >
>> > I assume you refer to the sticky feature with Port Security. The difference
>> > with dynamic MAC learning and the sticky configuration is that sticky
>> > automa(t)(g)ically adds the MAC address to the running configuration. Please
>> > notice that Running part, as it's not automatically added to the startup
>> > config, so you manually have to do a copy run start or write to save it.
>> >
>> > The dynamically learned MAC addresses are always lost after a reboot so the
>> > first PC to connect to that port again has access. With the sticky feature you
>> > have much more control about which PC may be connected to that port and that
>> > information is saved after a reboot and it makes troubleshooting a lot easier
>> > as you can search through your config, instead of using all kinds of show
>> > commands, but you still need to issue that Write every time to be sure the
>> > sticky addresses are saved after a reboot of course.
>> >
>> > --
>> >
>> > Regards,
>> >
>> > Rick Mur
>> > CCIE2 #21946 (R&S / Service Provider)
>> > Sr. Support Engineer IPexpert, Inc.
>> > URL: http://www.IPexpert.com
>> >
>> > On Fri, Sep 25, 2009 at 11:37 AM, Joe Astorino <jastorino_at_ipexpert.com>
>> > wrote:
>> >
>> > >> > The interesting thing is that at least on my 3560 here when you do
>> > >> > "switchport port-security mac-address sticky" it automagically adds a line
>> > >> > for "switchport port-security mac-address sticky <LEARNED-MAC>"
>> > >> >
>> > >> > On Fri, Sep 25, 2009 at 5:23 AM, Iwan Hoogendoorn <iwan_at_ipexpert.com> wrote:
>> > >> >
>> > >> >> It means that they are hard defined in the configuration ...
>> > >> >> See it like DHCP and statically assign an IP address based on the MAC
>> > >> >> -address...
>> > >> >>
>> > >> >> --
>> > >> >> Regards,
>> > >> >>
>> > >> >> Iwan Hoogendoorn
>> > >> >> CCIE #13084 (R&S / Security / SP)
>> > >> >> Sr. Support Engineer IPexpert, Inc.
>> > >> >> URL: http://www.IPexpert.com
>> > >> >>
>> > >> >> On Fri, Sep 25, 2009 at 9:39 AM, abderrahim sadki <a_sadki1_at_hotmail.com>
>> > >> >> wrote:
>> > >> >> > Hi,
>> > >> >> >
>> > >> >> > I'd like to know what is the point of having sticky manually entered mac
>> > >> >> > addresses as they are part of the configuration anyway.
>> > >> >> >
>> > >> >> > Thanks,
>> > >> >> > Abderrahim
>> > >> >> >
>> > >> >> > Blogs and organic groups at http://www.ccie.net
>> > >> >> >
>> > >> >> > _______________________________________________________________________
>> > >> >> > Subscription information may be found at:
>> > >> >> > http://www.groupstudy.com/list/CCIELab.html
>> > >> >
>> > >> > --
>> > >> > Regards,
>> > >> >
>> > >> > Joe Astorino - CCIE #24347 R&S
>> > >> > Technical Instructor - IPexpert, Inc.
>> > >> > Cell: +1.586.212.6107
>> > >> > Fax: +1.810.454.0130
>> > >> > Mailto: jastorino_at_ipexpert.com

Received on Fri Sep 25 2009 - 16:11:08 ART