11-28-2013 02:20 PM - edited 03-07-2019 04:50 PM
I'm a little confused on the port sticky command. Would it be more likely to be used as a security for only allowing some devices to connect to a network, or to just keep track of the devices that have been and currently are connected?
I've searched for a while but just keep coming up short on a basic answer.
11-28-2013 02:27 PM
Mitchell
It is primarily a security command to allow you to limit which mac-addresses can use that port rather than simply keeping track of which devices are currently connected. If you simply wanted to see which devices were connected at any time you could just look at the mac address table on your switch, i.e.
sh mac address-table or sh mac-address-table depending on the switch.
Jon
12-30-2013 02:58 PM
I have been playing around with the command some more and I still can't figure out what it does.
This is the setup on the switch.
Port Security : Enabled
Port Status : Secure-up
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses : 1
Configured MAC Addresses : 0
Sticky MAC Addresses : 1
Last Source Address:Vlan : 0001.962D.BB9A:1
Security Violation Count : 0
When I disconnect the device that is connected to port Fast/01 and connect up a different host to the same port, it won't shut the port down.
It's like it forgets the first host completely, although when I connect it up to another switch and put 2 comps on that switch it does shut down, but that's only because the maximum MAC is 1. So really the sticky command hasn't done anything.
I honestly have played with the command for a couple hours on several occasions and read every piece of material I can find. Anything you guys know I would like to know.
12-30-2013 04:47 PM
Mitchell
What it should do is when you enable sticky learning the mac address should be written to the running config under the interface of the port. So if you do a "sh run" after you have enabled it (and assuming there is a device connected) you should see in the running config -
int
switchport port-security mac-address sticky
If you then disconnect the device and try to connect another it should not allow it. In addition, if you then save the configuration and reload the switch it should keep the entries under the port.
Basically it is a way to avoid having to manually type in which mac addresses are meant to be associated with which port.
Are you testing on real switches?
Jon
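Added example, not part of either poster's messages: a simplified Python model (not IOS code) of the behaviour described in the reply above, with maximum 1 and violation mode shutdown as in the posted output. The class and function names and the second MAC address are constructed for illustration, and the model assumes that non-sticky learned addresses are flushed when the link drops while sticky entries stay in the running config.

```python
# Simplified model of one access port with port security (illustrative, not IOS).
class SecurePort:
    def __init__(self, sticky, maximum=1):
        self.sticky = sticky
        self.maximum = maximum
        self.running = []   # sticky entries written to the running config
        self.startup = []   # entries kept only if the configuration was saved
        self.dynamic = []   # learned addresses held only in the address table
        self.err_disabled = False
        self.violations = 0

    def secure_addresses(self):
        return self.running + self.dynamic

    def frame(self, mac):
        """Process a frame's source MAC; return True if it is forwarded."""
        if self.err_disabled:
            return False
        if mac in self.secure_addresses():
            return True
        if len(self.secure_addresses()) < self.maximum:
            (self.running if self.sticky else self.dynamic).append(mac)
            return True
        # Violation mode "Shutdown": count the violation and disable the port.
        self.violations += 1
        self.err_disabled = True
        return False

    def link_down(self):
        # Assumption: non-sticky learned addresses are flushed on link down;
        # sticky entries remain because they live in the running config.
        self.dynamic = []

    def save_config(self):
        self.startup = list(self.running)

    def reload(self):
        # Only what was saved survives a reload.
        self.running = list(self.startup)
        self.dynamic = []
        self.err_disabled = False


def swap_device(sticky, first="0001.962D.BB9A", second="0000.0000.00BB"):
    """Learn one host, unplug it, plug in another (second MAC is constructed).
    Returns (second host forwarded?, port err-disabled?)."""
    port = SecurePort(sticky)
    port.frame(first)
    port.link_down()
    return port.frame(second), port.err_disabled
```
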
12-30-2013 07:19 PM
Thanks for answering Jon.
I have found the answer. I have not been testing real equipment, which was the cause of the trouble.
I'm still just going for my CCENT lol.
Failed it twice already but I'm determined to get it!
Anyways, your hint towards "are you using real equipment" made me think about what the Packet Tracer program may be missing. I overlooked this one quite a bit, as the host computers on Packet Tracer do not have MACs on them!!!
So many hours wasted on a simple little thing. Maybe that's why I'm failing CCENT, blah!
Jon, I'll be back for more information on another topic soon enough, you can count on that.