
Switchport Port-security question

Seefate Member Posts: 9
Hey guys, I just had a quick question about the switchport port-security mac-address sticky command. I am trying to learn these commands largely without physical equipment and this caught me up a bit. So let's say I have a host connected to port FE 0/1 on the switch and I run the following commands.

    (c)#interface fastethernet 0/1
    (c-if)#switchport port-security mac-address sticky
    (c-if)#switchport port-security maximum 1
    (c-if)#switchport port-security violation shutdown
    (c-if)#end

So now the MAC address of the host connected to port FE 0/1 is dynamically learned and stuck into the running config. Then I take that same host and move it to port FE 0/5. If I were to ping the IP address of the switch (Vlan 1 IP address) from the host that is attached to FE 0/5 (assuming the IP configuration is correct), would that ping succeed? To me it makes sense that it would, but without any equipment to test with I am not 100% and the book I am using (Cisco Press Lab Book) doesn't specifically say either. Can anyone clarify that for me? Thanks!

Comments

  • wastedtime Member Posts: 586
    Provided the rest of the configuration is right, I would say it should work. I think what you are getting caught up on is the "maximum 1", and that is just how many MAC addresses the port can learn before the violation comes into effect.
  • JSK Member Posts: 166
    I'm sure someone will correct me if I'm wrong but I believe the ping would succeed. Port Fa0/5 would need to be in the same VLAN as Fa0/1 and also have port security enabled in order to trigger a violation.
  • Drift King Member Posts: 27
    It should work if fa0/5 is correctly configured i.e. is on the same vlan and has no port security.

    By the way, the question is really kind of not related because you were talking about port security on fa0/1 then asked a question about fa0/5.
    If u challenge the best u die like the rest!
  • Bert McGert Member Posts: 122
    Port security is limited to the port. If you config only Port 1 to only allow AAAA.BBBB.CCCC, why would the Port 1 config have anything to do with the Port 5 config?

    Alternatively, if you max-1-sticky all 48 ports and move the connection of a single host (with AAAA.BBBB.CCCC) from Port 1, to Port 2, ... , to Port 48, you've effectively allowed only that one host to use any of the ports on your switch. Not useful for any other hosts, but you've set yourself up with some sweet redundancy in case Port 1 has any L1 problems. ;)
  • Seefate Member Posts: 9
    Thanks for the help guys!

    Yeah, after thinking about it for a bit I was pretty sure I was right and you guys just confirmed it for me.

    BTW, that is an awesome avatar Bert.. lol
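
A simplified Python model of the behaviour discussed in this thread, added here as an example and not taken from any poster or from Cisco. It treats port security as a per-port check and raises a violation when a secure port's table is full, or when a MAC secured on one secure port appears on another secure port in the same VLAN. The class names, function names and MAC addresses are constructed for illustration, and the model assumes port security is actually enabled on Fa0/1 and that an unsecured port accepts any source MAC.

```python
# Simplified model of per-port port security (added example, not IOS code).
# Assumption: secure=True means port security is enabled on that port.
from dataclasses import dataclass, field

@dataclass
class Port:
    name: str
    vlan: int = 1
    secure: bool = False                        # port security enabled
    maximum: int = 1                            # port-security maximum
    sticky: set = field(default_factory=set)    # sticky-learned MACs
    err_disabled: bool = False                  # set by "violation shutdown"

class Switch:
    def __init__(self, ports):
        self.ports = {p.name: p for p in ports}

    def receive(self, port_name, src_mac):
        """Return 'forward', 'violation' or 'down' for an arriving frame."""
        port = self.ports[port_name]
        if port.err_disabled:
            return "down"
        if not port.secure or src_mac in port.sticky:
            return "forward"
        # Violation: MAC already secured on another secure port, same VLAN.
        for other in self.ports.values():
            if (other is not port and other.secure
                    and other.vlan == port.vlan and src_mac in other.sticky):
                return self._shutdown(port)
        # Violation: table is full and this MAC is not in it.
        if len(port.sticky) >= port.maximum:
            return self._shutdown(port)
        port.sticky.add(src_mac)                # sticky learning
        return "forward"

    def _shutdown(self, port):
        port.err_disabled = True
        return "violation"

def thread_scenario(fa05_secure):
    """Host learned on Fa0/1, then moved to Fa0/5 (constructed MACs)."""
    sw = Switch([Port("Fa0/1", secure=True),
                 Port("Fa0/5", secure=fa05_secure)])
    host, other = "aaaa.bbbb.cccc", "dddd.eeee.ffff"
    results = [sw.receive("Fa0/1", host)]       # sticky-learned on Fa0/1
    results.append(sw.receive("Fa0/5", host))   # same host moved to Fa0/5
    results.append(sw.receive("Fa0/1", other))  # different host on Fa0/1
    return results
```

`thread_scenario(False)` models the original question (Fa0/5 without port security), and `thread_scenario(True)` models the case where Fa0/5 is also a secure port in the same VLAN.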