Port Security

Hey guys. Learnig port security right now and don't understand a Cisco lab I'm currently working on. It is a port security lab involving 3 pc's. 2 are plugged into a 2950 switch, 1 is not plugged into the switch until later.

The lab calls for you to set one of the pc's MAC addy as static on the port it is plugged into. Then, a few steps later the lab tells you to enter in the following commends on the same interface:

switch(config-if)#switchport mode access
switch(config-if)#switchport port-security mac-address sticky

This is the part I do not understand. I thought the previous command instructed the switch to dynamically learn and store the MAC. Though as I stated, a few stpes before this interface was already configured with the MAC as static.

I would greatly appreciate it if someone could explain the point to this. If more information is needed let me know and thanks.

Hey steve, I figure that before this you'd run the command

switchport port-security mac-address <mac-address>

to add a static address to the list right ? Well basically it allows you to have a number of static addresses for one port.. by default the number of secure addresses it lets you add are 1.

However, if you configure fewer secure MAC addresses than the maximum, the remaining MAC addresses are dynamically learned.

Then when you invoke

switchport port-security mac-address sticky

The secure addresses that were dynamically learned are converted to sticky secure MAC addresses and are added to the running configuration. The normal dynamically learned addresses are only added to the address table and thus are lost when the switch restarts.. 'sticky' makes the switch add the newly learned addresses to the running-config as well so they are permanent.

If you want a step-by-step explanation from the horses mouth :
www.cisco.com/univercd/cc/td/doc/product.../swtrafc.htm#1038501