Port Security - Dynamic v Sticky

control

Morning (in the UK anyways), Afternoon or Evening All... Hope everyone is well.


Watching a video regarding Port Security and it looks to me like Dynamic and Sticky do the same thing.

Both "dynamically" learn the mac addresses and the "learned" Mac addresses are lost if the switch is reloaded.

Am I missing something here? I'm hoping someone can give me that Eureka moment if I am.

It all became a bit clearer actually as I continued the video lessons. It seems sticky writes a line to the running config, which I guess at some point would need to be written to the startup config. This seems to be the main difference....I think.

fsanyee

There's no swirchport port-security mac-address option Dynamic.

control

fsanyee wrote: »

There's no swirchport port-security mac-address option Dynamic.

Is it not the default option?

I thought mac addresses could be learned dynamically and using sticky.

fsanyee

No. You can use static address or sticky.
Mac address security is turned off by default.

xbuzz

Correct me if i'm wrong, but I think control is refering that the standard way for switches to learn mac addresses is "dynamic" (without any command). When a new host is plugged into an interface it learns it's mac address when it broadcasts.

Sticky however is a security mechanism. It will take the mac address of the currently connected host and will in essence lock it to that interface, if it is disconnected and another device connects with a different mac address it will not allow it to connect. It will just ignore it.

SteveO86

In regards to the sticky keyword for port-security, the mac-address learned from the port will be added to the running-configuration and will stay there until cleared or reloaded. (Unless the config is written)

Protecting Cisco Switches: Port Security « Another networking blog