cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
856
Views
0
Helpful
4
Replies

Sticky secure mac feature

Hi everyone, I've seen the different features that the switch uses to learn mac addresses. Specifically, it dynamically learns them and when a device is disconnected from that port it is lost after a certain time. If instead I configure sticky secure mac from what I understand dynamically learns the mac of the device and saves it in running config. Subsequently, if I save it in startup config, at restart will only that mac address be authorized to send frames? That is, if the functionality is still active, I disconnect that device and connect another on that same interface. Does the switch recognize a violation on the interface?

1 Accepted Solution

Accepted Solutions

hi @PietroPoliseno27977 

If your switch is configured with the maximum number of allowable MAC addresses = 1 on the respective, when you disconnect MAC A and connect MAC B, there will be a security violation since the maximum number of secure MAC addresses has been added to the address table (1 MAC = MAC A) and a  new device (MAC B) whose MAC address is not in the address table attempts to access the interface. 

Based on the configuration present on the switch, one of the following actions will be taken:

switchport port-security violation restrict  — port security violation restricts data, causes the SecurityViolation counter to increment, and causes an SNMP Notification to be generated.

switchport port-security violation shutdown —  port security violation causes the interface to shut down immediately. (default config)

 

Hope it helps,

Sergiu

 

View solution in original post

4 Replies 4

omz
VIP Alumni
VIP Alumni

switchport port-security maximum max-addr [ vlan vlan-ID ]

max-addr defines the number of mac address allowed to learn. If max-addr is 1 and a different mac-addr is connected .. action defined in switchport port-security violation { protect | restrict | shutdown } is taken.

 

Hi Thanks for the reply. Yes this fortunately I understood it but I did not understand the sticky functionality I wanted to understand when the switch with sticky active dynamically learns the mac of a device "A" connected on a port for example F0 / 1, this mac is recorded in the port configuration security; then I save it in the startup config. So far it is clear. If I disconnect device "A" from F0 / 1 and connect device "B", having previously learned "A" with sticky functionality and still active, can device "B" work on F0 / 1?

hi @PietroPoliseno27977 

If your switch is configured with the maximum number of allowable MAC addresses = 1 on the respective, when you disconnect MAC A and connect MAC B, there will be a security violation since the maximum number of secure MAC addresses has been added to the address table (1 MAC = MAC A) and a  new device (MAC B) whose MAC address is not in the address table attempts to access the interface. 

Based on the configuration present on the switch, one of the following actions will be taken:

switchport port-security violation restrict  — port security violation restricts data, causes the SecurityViolation counter to increment, and causes an SNMP Notification to be generated.

switchport port-security violation shutdown —  port security violation causes the interface to shut down immediately. (default config)

 

Hope it helps,

Sergiu

 

Ok thanks perfect as always very clear thanks
Review Cisco Networking for a $25 gift card