09-04-2008 08:02 PM - edited 03-03-2019 11:25 PM
Dear All Expert,
Could you help me please!!!
I had a Cisco Switch CE500 and I would like to enable port security on this switch ... some commands are not clear to me and I would like to ask you as below:
1- What is the difference between static mac-address and sticky?
2- Please see the commands below:
switchport access vlan 20
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
switchport port-security mac-address sticky
switchport port-security mac-address sticky 001b.38a1.0c38
I worry that when I use this sticky command and I reboot the switch, it is released automatically. I want to use this MAC address for a long time...
How can we know when it releases this MAC address?
3- On the CE500 I want to use a static mac-address but it is not allowed?
Best Regards,
Rechard_hk
09-04-2008 09:48 PM
Hi,
• Static secure MAC addresses - These are manually configured by using the switchport port-security mac-address mac-address interface configuration command, stored in the address table, and added to the switch running configuration.
• Dynamic secure MAC addresses - These are dynamically configured, stored only in the address table, and removed when the switch restarts.
• Sticky secure MAC addresses - These are dynamically configured, stored in the address table, and added to the running configuration. If these addresses are saved in the configuration file, when the switch restarts, the interface does not need to dynamically reconfigure them.
To configure a static MAC address, use the command "switchport port-security mac-address"
And if you have configured the sticky and saved, it should remain in it.
HTH..rate if helpful..
09-05-2008 12:58 AM
Dear satish,
I would like to confirm with you that the sticky secure MAC address command means it is stored in the address table, and when we save the configuration (meaning that when the switch restarts, all the MAC addresses are not lost, right?)
By the way, could you explain the commands below:
1-switchport port-security aging time 2
2-switchport port-security violation restrict
3-switchport port-security aging type inactivity
These commands are not clear to me.
Could you explain them to me?
Best Regards,
09-05-2008 01:42 AM
Port Security violation happens when one of these situations occurs:
• The maximum number of secure MAC addresses have been added to the address table, and a station whose MAC address is not in the address table attempts to access the interface.
• An address learned or configured on one secure interface is seen on another secure interface in the same VLAN.
You can configure the interface for one of three violation modes, based on the action to be taken if a violation occurs:
• protect - when the number of secure MAC addresses reaches the maximum limit allowed on the port, packets with unknown source addresses are dropped until you remove a sufficient number of secure MAC addresses to drop below the maximum value or increase the number of maximum allowable addresses. You are not notified that a security violation has occurred.
• restrict - when the number of secure MAC addresses reaches the maximum limit allowed on the port, packets with unknown source addresses are dropped until you remove a sufficient number of secure MAC addresses to drop below the maximum value or increase the number of maximum allowable addresses.
• shutdown - a port security violation causes the interface to become error-disabled and to shut down immediately, and the port LED turns off.
You can use port security aging to set the aging time for all secure addresses on a port. Two types of aging are supported per port:
• Absolute - The secure addresses on the port are deleted after the specified aging time in minutes.
• Inactivity - The secure addresses on the port are deleted only if the secure addresses are inactive for the specified aging time in minutes.
So in your case, if there is no activity on your port for 2 minutes, all secure MAC addresses on this port will be deleted.
HTH..rate if helpful..
09-05-2008 01:47 AM
Also, sticky secure MAC addresses will not age; in fact, the switch does not support it.
So aging is for dynamically learned and statically configured MAC addresses only.
For static entries you need to add the "static" keyword as follows:
"switchport port-security aging static"
HTH..rate if helpful..
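An added example, not part of the original thread: a small Python audit that compares a running and a saved configuration and reports sticky addresses that would not survive a restart, plus aging settings that have no effect on sticky entries as described in the replies above. The interface name `FastEthernet1`, the `maximum 2` line and the second MAC address `0000.5e00.5301` are constructed sample values.

```python
import re

MAC_RE = re.compile(r"switchport port-security mac-address (sticky )?"
                    r"([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})")

def parse_port_security(config):
    """Return {interface: settings} parsed from IOS-style configuration text."""
    ports, cur = {}, None
    for raw in config.splitlines():
        line = raw.strip().lower()
        if not raw[:1].isspace():  # unindented line starts or ends a stanza
            cur = None
            if line.startswith("interface "):
                cur = ports.setdefault(line.split(None, 1)[1], {
                    "sticky": set(), "static": set(), "violation": None, "aging": False})
            continue
        if cur is None:
            continue
        m = MAC_RE.match(line)
        if m:
            cur["sticky" if m.group(1) else "static"].add(m.group(2))
        elif line.startswith("switchport port-security violation "):
            cur["violation"] = line.split()[-1]
        elif line.startswith("switchport port-security aging "):
            cur["aging"] = True
    return ports

def audit(running, startup):
    """Compare running and saved configs; return (interface, finding) tuples."""
    saved, findings = parse_port_security(startup), []
    for name, port in sorted(parse_port_security(running).items()):
        kept = saved.get(name, {"sticky": set()})["sticky"]
        for mac in sorted(port["sticky"] - kept):
            findings.append((name, f"sticky {mac} not in saved config; will not survive a restart"))
        if port["sticky"] and port["aging"]:
            findings.append((name, "aging set, but sticky addresses do not age (per the thread)"))
        if port["violation"] == "protect":
            findings.append((name, "protect mode drops frames without notification"))
    return findings

# Constructed sample: the question's port settings on a made-up interface,
# plus one constructed sticky MAC learned after the last save.
NEW_MAC = " switchport port-security mac-address sticky 0000.5e00.5301\n"
RUNNING = ("interface FastEthernet1\n switchport access vlan 20\n switchport mode access\n"
           " switchport port-security\n switchport port-security maximum 2\n"
           " switchport port-security aging time 2\n switchport port-security violation restrict\n"
           " switchport port-security aging type inactivity\n"
           " switchport port-security mac-address sticky\n"
           " switchport port-security mac-address sticky 001b.38a1.0c38\n" + NEW_MAC)
STARTUP = RUNNING.replace(NEW_MAC, "")

if __name__ == "__main__":
    for name, finding in audit(RUNNING, STARTUP):
        print(name, "-", finding)
```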
09-07-2008 05:47 PM
Dear Satish,
Thank you for your time and full support...
:)
Best Regards,
Rechard_hk