Cisco Port Sticky

Published on by dellpe

Question:

I'm a little confused on the port sticky command. Would it be more likely to be used as security for only allowing some devices to connect to a network, or to just keep track of the devices that have been and currently are connected?

I've searched for a while but just keep coming up short on a basic answer.

Answer:

Sticky secure MAC addresses. These can be dynamically learned or manually configured, stored in the address table, and added to the running configuration. If these addresses are saved in the configuration file, the interface does not need to dynamically relearn them when the switch restarts. Although sticky secure addresses can be manually configured, we do not recommend it.

What it should do is when you enable sticky learning the mac address should be written to the running config under the interface of the port. So if you do a "sh run" after you have enabled it (and assuming there is a device connected) you should see in the running config -

int <int type/no>

switchport port-security mac-address sticky <mac address>

If you then disconnect the device and try to connect another, it should not allow it. In addition, if you then save the configuration and reload the switch, it should keep the entries under the port.

Basically it is a way to avoid having to manually type in which mac addresses are meant to be associated with which port.

Example in Cisco WS-C3750X-24T-L

Switch(config-if)#switchport mode access

Switch(config-if)#switchport port-security

Switch(config-if)#switchport port-security mac-address sticky

Switch(config-if)#switchport port-security violation shutdown

What will it do? It will learn a MAC address dynamically and store it in the running-config to avoid relearning the MAC address.

What happens if a new MAC address comes in as a replacement on this port? We have to reconfigure the switch's interface.

or

we have another option,

Switch(config-if)#switchport port-security mac-address sticky aaaa.aaaa.aaaa

Switch(config-if)#do copy run start

So, when the switch reloads again, it will override the previously learned MAC address and start using this new MAC from now on.

When you use sticky MAC addresses you'll want to make sure that the MAC addresses are cleared off of a switch when a device is moved. We had a laptop that was moved from one client location to another, and one of the distribution switches thought the device was plugged into the old switch while the other distribution switch thought it was plugged into the new switch. This created a situation where some network traffic was reaching the laptop and some was going into a black hole. After clearing the sticky MAC addresses on the old switch the problem was resolved.

If sticky learning is disabled, the sticky secure MAC addresses are converted to dynamic secure addresses and are removed from the running configuration.
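The stale-sticky-MAC situation described above (the same MAC saved sticky on two switches) and the enabling step the configuration example depends on can both be checked offline from saved running-configs. This is an added example, not code from the original post or from Cisco; the switch names, interface names and MAC addresses in it are constructed.

```python
import re
from collections import defaultdict
# Constructed "show run" excerpts (hypothetical switch names): 0011.2233.4455 is the moved
# laptop, still saved sticky on dist-old; Gi1/0/6 has sticky set but port-security not enabled.
SAMPLE_CONFIGS = {
    "dist-old": """\
interface GigabitEthernet1/0/5
 switchport port-security
 switchport port-security violation shutdown
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0011.2233.4455
interface GigabitEthernet1/0/6
 switchport port-security mac-address sticky
""",
    "dist-new": """\
interface GigabitEthernet1/0/12
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0011.2233.4455
 switchport port-security mac-address sticky aaaa.bbbb.cccc
""",
}
IFACE_RE = re.compile(r"^interface\s+(\S+)")
# bare "switchport port-security" enables the feature; with "mac-address sticky" it enables sticky learning
FLAG_RE = re.compile(r"^\s*switchport port-security( mac-address sticky)?\s*$")
MAC_RE = re.compile(r"^\s*switchport port-security mac-address sticky\s+(\S+)\s*$")

def parse_sticky(config):
    """Per interface: port-security enabled?, sticky learning on?, saved sticky MACs."""
    ifaces, cur = {}, None
    for line in config.splitlines():
        if m := IFACE_RE.match(line):
            ifaces[(cur := m.group(1))] = {"port_security": False, "sticky": False, "macs": []}
        elif cur and (m := FLAG_RE.match(line)):
            ifaces[cur]["sticky" if m.group(1) else "port_security"] = True
        elif cur and (m := MAC_RE.match(line)):
            ifaces[cur]["macs"].append(m.group(1).lower())
    return ifaces

def audit(configs):
    """Return (sticky MACs saved on more than one port -> locations, ports with sticky but no port-security)."""
    seen, ineffective = defaultdict(list), []
    for switch, cfg in configs.items():
        for iface, info in parse_sticky(cfg).items():
            if info["sticky"] and not info["port_security"]:
                ineffective.append((switch, iface))
            for mac in info["macs"]:
                seen[mac].append((switch, iface))
    return {m: l for m, l in seen.items() if len(l) > 1}, ineffective
```

A MAC reported by `audit` as saved on two ports is the case from the story above and needs clearing on the old switch; a port in the second list has sticky configured but will not restrict anything until port-security itself is enabled.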

Published on Cisco 3750
