Port Security Sticky Question
cisco_kidd20
Hi All,
I wanted to confirm something that left me questioning myself today. I was studying with someone who got their CCNA and they said if sticky is configured to dynamically learn, say, 3 MAC addresses, when the PC is shut down, that MAC address is released by the switch, freeing up 1 of the 3 dynamically learned addresses. I think this is false, but I wanted to confirm that there is NO release of MAC addresses in dynamically learned MAC addresses when a cable is unplugged or a PC is shut down. I would think that would defeat the purpose of port security.
Thanks in advance!!
Comments
Vask3n
You are correct, there is no "forgetting" of sticky MAC addresses in that sense.
The device will simply greenlight the first x devices that connect, where x is the sticky number (in this case, 3). Whether or not these devices are always on is irrelevant.
_Gonzalo_
Sorry, but that is not correct.
Sticky addresses are saved in running config, so if you reboot and have not saved your configuration, those MACs would be lost. Find Cisco's confirmation on this link:
Catalyst 6500 Release 12.2SX Software Configuration Guide - Port Security [Cisco Catalyst 6500 Series Switches] - Cisco
tecnodog7
Aren't we assuming, though, that once someone has configured their device they are going to save their config?
And if that is the case, aren't all the configs erased on a startup, no?
mweaver84
That is true, but he was just wondering what happened to the learned MAC addresses when a computer on the switch gets shut down or unplugged, though. Not what happens when a switch gets shut down or rebooted.
_Gonzalo_
Hehehe
You're right, I misread it... Obviously, hosts do not play any role in what a switch saves or does not save.
cisco_kidd20
OK, interesting, I learned something new, but it brings up another question.
Scenario:
I set up a brand new network in an office. I am told by my boss that no other host is to be plugged into each network port in each cubicle, so I configure sticky on the switch ports to shut down if another device is plugged in. I have 40 desktop hosts, and I turn them all on, and the switch learns all the MAC addresses in its running config. The next step would be to copy run start if I don't want to lose the learned MACs?
mweaver84
Yep, if you don't save the config and the switch restarts, those previous MAC addresses will be lost.