Hot Downloads

Welcome, Guest
Username: Password: Remember me

TOPIC: Port Security

Port Security 12 years 7 months ago #2859

  • steveb12
  • steveb12's Avatar
  • Offline
  • New Member
  • Posts: 17
  • Karma: 0
Hey guys. Learnig port security right now and don't understand a Cisco lab I'm currently working on. It is a port security lab involving 3 pc's. 2 are plugged into a 2950 switch, 1 is not plugged into the switch until later.

The lab calls for you to set one of the pc's MAC addy as static on the port it is plugged into. Then, a few steps later the lab tells you to enter in the following commends on the same interface:

switch(config-if)#switchport mode access
switch(config-if)#switchport port-security mac-address sticky

This is the part I do not understand. I thought the previous command instructed the switch to dynamically learn and store the MAC. Though as I stated, a few stpes before this interface was already configured with the MAC as static.

I would greatly appreciate it if someone could explain the point to this. If more information is needed let me know and thanks.
The administrator has disabled public write access.

Re: Port Security 12 years 7 months ago #2863

  • sahirh
  • sahirh's Avatar
  • Offline
  • Honored Member
  • Posts: 1700
  • Karma: 0
Hey steve, I figure that before this you'd run the command

switchport port-security mac-address <mac-address>

to add a static address to the list right ? Well basically it allows you to have a number of static addresses for one port.. by default the number of secure addresses it lets you add are 1.

However, if you configure fewer secure MAC addresses than the maximum, the remaining MAC addresses are dynamically learned.

Then when you invoke

switchport port-security mac-address sticky

The secure addresses that were dynamically learned are converted to sticky secure MAC addresses and are added to the running configuration. The normal dynamically learned addresses are only added to the address table and thus are lost when the switch restarts.. 'sticky' makes the switch add the newly learned addresses to the running-config as well so they are permanent.

If you want a step-by-step explanation from the horses mouth :
Sahir Hidayatullah. Staff - Associate Editor & Security Advisor
The administrator has disabled public write access.
Time to create page: 0.073 seconds


Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V


  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup