Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
832
Views
0
Helpful
4
Replies

Sticky secure mac feature

Go to solution
PietroPoliseno27977
Spotlight
Spotlight

‎05-01-2020 08:59 AM

Hi everyone, I've seen the different features that the switch uses to learn mac addresses. Specifically, it dynamically learns them and when a device is disconnected from that port it is lost after a certain time. If instead I configure sticky secure mac from what I understand dynamically learns the mac of the device and saves it in running config. Subsequently, if I save it in startup config, at restart will only that mac address be authorized to send frames? That is, if the functionality is still active, I disconnect that device and connect another on that same interface. Does the switch recognize a violation on the interface?

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Sergiu.Daniluk
VIP Alumni
VIP Alumni
In response to PietroPoliseno27977

‎05-01-2020 10:14 AM - edited ‎05-01-2020 10:15 AM

hi @PietroPoliseno27977 

If your switch is configured with the maximum number of allowable MAC addresses = 1 on the respective, when you disconnect MAC A and connect MAC B, there will be a security violation since the maximum number of secure MAC addresses has been added to the address table (1 MAC = MAC A) and a  new device (MAC B) whose MAC address is not in the address table attempts to access the interface. 

Based on the configuration present on the switch, one of the following actions will be taken:

switchport port-security violation restrict  — port security violation restricts data, causes the SecurityViolation counter to increment, and causes an SNMP Notification to be generated.

switchport port-security violation shutdown —  port security violation causes the interface to shut down immediately. (default config)

 

Hope it helps,

Sergiu

 

View solution in original post

0 Helpful
4 Replies 4

Go to solution
omz
VIP Alumni
VIP Alumni

‎05-01-2020 09:11 AM

switchport port-security maximum max-addr [ vlan vlan-ID ]

max-addr defines the number of mac address allowed to learn. If max-addr is 1 and a different mac-addr is connected .. action defined in switchport port-security violation { protect | restrict | shutdown } is taken.

 

0 Helpful

Go to solution
PietroPoliseno27977
Spotlight
Spotlight
In response to omz

‎05-01-2020 09:51 AM

Hi Thanks for the reply. Yes this fortunately I understood it but I did not understand the sticky functionality I wanted to understand when the switch with sticky active dynamically learns the mac of a device "A" connected on a port for example F0 / 1, this mac is recorded in the port configuration security; then I save it in the startup config. So far it is clear. If I disconnect device "A" from F0 / 1 and connect device "B", having previously learned "A" with sticky functionality and still active, can device "B" work on F0 / 1?
0 Helpful

Go to solution
Sergiu.Daniluk
VIP Alumni
VIP Alumni
In response to PietroPoliseno27977

‎05-01-2020 10:14 AM - edited ‎05-01-2020 10:15 AM

hi @PietroPoliseno27977 

If your switch is configured with the maximum number of allowable MAC addresses = 1 on the respective, when you disconnect MAC A and connect MAC B, there will be a security violation since the maximum number of secure MAC addresses has been added to the address table (1 MAC = MAC A) and a  new device (MAC B) whose MAC address is not in the address table attempts to access the interface. 

Based on the configuration present on the switch, one of the following actions will be taken:

switchport port-security violation restrict  — port security violation restricts data, causes the SecurityViolation counter to increment, and causes an SNMP Notification to be generated.

switchport port-security violation shutdown —  port security violation causes the interface to shut down immediately. (default config)

 

Hope it helps,

Sergiu

 

0 Helpful

Go to solution
PietroPoliseno27977
Spotlight
Spotlight
In response to Sergiu.Daniluk

‎05-01-2020 10:21 AM

Ok thanks perfect as always very clear thanks
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card