PORT-SECURITY

Hi Experts,

 

What is the difference between securesticky and securedynamic in the output of "sh port-sec add"?

 

1. As far as my understanding goes, both terms define the MAC address learned dynamically.

2. The difference I could see is that in the running config for sticky, I could see the MAC address of the device.

 

Is there any special difference apart from this?

 

Thanks,

Sathish

Re: PORT-SECURITY

Hi, you're pretty much spot on.

The advantage of using sticky (and subsequently having the dynamically learned MAC addresses in the running config) is the ability to save them to the startup config and have them persist after a reboot, thus making the ports that much more secure.

Rather than hoping that the right devices (the ones you wish to allow on said ports) send traffic through it first when the switch dynamically learns addresses all over again.


Re: PORT-SECURITY

Hi,

This is also a good document explaining the difference:

You can configure an interface to convert the dynamic MAC addresses to sticky secure MAC addresses and to add them to the running configuration by enabling sticky learning. To enable sticky learning, enter the switchport port-security mac-address sticky command. When you enter this command, the interface converts all the dynamic secure MAC addresses, including those that were dynamically learned before sticky learning was enabled, to sticky secure MAC addresses.

The sticky secure MAC addresses do not automatically become part of the configuration file, which is the startup configuration used each time the switch restarts. If you save the sticky secure MAC addresses in the configuration file, when the switch restarts, the interface does not need to relearn these addresses. If you do not save the configuration, they are lost.

If sticky learning is disabled, the sticky secure MAC addresses are converted to dynamic secure addresses and are removed from the running configuration.

Link:

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/25ew/configuration/guide/conf/port_sec.html

HTH
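
As an added example (not part of the original thread or of Cisco's documentation): a short Python check of the point made in the answers above, that sticky secure MACs sit in the running config and are lost on reload unless saved, while dynamic secure MACs never appear in the config at all. The two config texts are constructed samples and the function names are hypothetical.

```python
import re

# Constructed sample configs (not from the thread). STARTUP is an older saved
# copy: the second sticky MAC on Fa0/1 was learned after the last save.
RUNNING = """\
interface FastEthernet0/1
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0011.2233.4455
 switchport port-security mac-address sticky 0011.2233.4466
!
interface FastEthernet0/2
 switchport port-security
"""
STARTUP = RUNNING.replace(
    " switchport port-security mac-address sticky 0011.2233.4466\n", "")

MAC = r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}"
STICKY_MAC = re.compile(rf"switchport port-security mac-address sticky ({MAC})", re.I)

def port_security(config):
    """Per secure interface: is sticky learning on, and which sticky MACs are listed."""
    ports, name = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            name = line.split(None, 1)[1].strip()
        elif not line.startswith(" "):
            name = None  # "!" or a global command: left the interface stanza
        elif name and line.strip().startswith("switchport port-security"):
            cmd = line.strip()
            port = ports.setdefault(name, {"sticky": False, "macs": set()})
            if cmd == "switchport port-security mac-address sticky":
                port["sticky"] = True
            elif (m := STICKY_MAC.match(cmd)):
                port["macs"].add(m.group(1).lower())
    return ports

def unsaved_sticky(running, startup):
    """Sticky MACs in running-config that are absent from startup-config."""
    saved = port_security(startup)
    diff = {n: p["macs"] - saved.get(n, {"macs": set()})["macs"]
            for n, p in port_security(running).items()}
    return {n: macs for n, macs in diff.items() if macs}

def dynamic_only(running):
    """Secure ports without sticky learning: their MACs are relearned after reload."""
    return sorted(n for n, p in port_security(running).items() if not p["sticky"])

if __name__ == "__main__":
    print("unsaved sticky:", unsaved_sticky(RUNNING, STARTUP))
    print("dynamic only:  ", dynamic_only(RUNNING))
```
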

Re: PORT-SECURITY

Thanks a lot. Understood the concept.

Re: PORT-SECURITY

Thank you. Got the concept.