Port security test help request
SephStorm
Can someone test this on their lab for me (don't have access to mine)?
Can someone set up port security on an L2 switch with a PC connected, have the port configured to sticky, then clear the mac-address table? We want to confirm if the "static" entry learned through sticky is cleared through that command. According to Cisco, it can't be done that way, but Packet Tracer appears to allow it. So we want to confirm on lab equipment. Can someone let us know how it works out? Thanks.
Comments
TehToG
If I remember, once it learns the MAC address, it's added to the port's config.
However, if I was programming a simulator I might make it so that the learned 'sticky' address references an address somewhere else, so that's why it works in Packet Tracer.
Danielh22185
Agreed. I think Packet Tracer might be difficult to test something like this. You are trying to test and reproduce a physical problem logically. I would try and do a physical example if possible. The sticky command only allows for one static MAC address, the 1st one learned. Anything else that is plugged in on the same port will err-disable the port after the static address is learned on that port.
SephStorm
Well, we aren't testing any physical connectivity, more the ability of the IOS software to remove an entry from the table.
Exactly, that's why we are hoping someone can test this on physical hardware. According to the release notes for 12.4, 12.2 introduced a change in Catalyst switches that should prevent this (therefore, PT should be able to reproduce this condition). We tested this on a 2950 12.1 and a 2960 12.2.
Danielh22185
I really need to bite the bullet and buy the switches I have been telling myself I am going to buy. I would test this for ya in a heartbeat if I had the equipment.
SephStorm
As it turns out, on equipment, and in PT, the MAC is still retained in the IOS when the table is cleared, only in the running config, but it is cleared from the mac-address-table. We'll have to look at the Cisco information to see if that matches up with what they say.
EDIT: Can someone test this on 12.4 or later? We just want to confirm, as the Cisco documentation states this shouldn't be possible in this version.
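The test requested in this thread, written out as an IOS command sequence. This is an added example, not part of any post above; the interface name FastEthernet0/1 is an assumption, and the `mac-address-table` spelling follows the thread (some IOS releases spell it `mac address-table`).

```cisco
! --- 1. Enable port security with sticky learning on the access port
! (FastEthernet0/1 is an assumed interface name; use the port the PC is on)
configure terminal
 interface FastEthernet0/1
  switchport mode access
  switchport port-security
  switchport port-security maximum 1
  switchport port-security violation shutdown
  switchport port-security mac-address sticky
 end

! --- 2. Send traffic from the PC (for example a ping) so the switch
! learns its MAC address, then record the baseline in all three places
show port-security interface FastEthernet0/1
show port-security address
show running-config interface FastEthernet0/1
show mac-address-table interface FastEthernet0/1

! --- 3. Run the command under test
clear mac-address-table dynamic

! --- 4. Re-run the same checks and compare against the baseline.
! The question is where the sticky entry survives:
!   - the mac-address-table
!   - the port-security address list
!   - the "switchport port-security mac-address sticky <mac>" line
!     in the running config
show mac-address-table interface FastEthernet0/1
show port-security address
show running-config interface FastEthernet0/1

! --- 5. Note the software release alongside the result, since the
! thread is comparing behaviour across 12.1, 12.2 and 12.4
show version
```

Capturing the output of step 2 and step 4 side by side for each release makes the comparison with the Cisco documentation straightforward.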