09-25-2019 01:13 PM
Hi guys,
I have some questions regarding port security on my 2690 Catalyst.
So I enable mode access on a port.
I set the following options:
switchport port-security mac-address sticky
switchport port-security maximum 1
switchport port-security violation shutdown
Which is great, the first address that comes up on that port will be the only one permitted.
So my questions are:
1. Is the MAC stored in run or start?
2. How long is the MAC address stored in the config file? Is it the same as in the ARP table, 4 hours?
3. What happens if I change the MAC address (device) on that port? How do I change the sticky address?
4. What happens if, for example, I reboot my switch? Is the MAC address lost? For example, someone else who knows Cisco might reboot the switch so that he can plug in another PC. Is that possible and allowed?
5. What are some real-world examples for the port-security options? I mean... is it good practice to allow 1, 2, or all?
Thanks!
09-25-2019 01:40 PM - edited 09-25-2019 01:48 PM
Hello
@silviu1983 wrote:
Hi guys,
I have some questions regarding port security on my 2690 Catalyst.
So I enable mode access on a port.
I set the following options:
switchport port-security mac-address sticky
switchport port-security maximum 1
switchport port-security violation shutdown
Which is great, the first address that comes up on that port will be the only one permitted.
So my questions are:
1. Is the MAC stored in run or start? - Only in running-config UNLESS you save that running-config before a reload.
2. How long is the MAC address stored in the config file? Is it the same as in the ARP table, 4 hours? - ARP or CAM table?
They will be in the CAM table, but no, they won't expire as far as I understand it, because they are stored in the running config after being converted from dynamically learned to sticky static addresses.
3. What happens if I change the MAC address (device) on that port? How do I change the sticky address? - It will relearn the new address, that is, unless you have a maximum mac-limit set to 1.
4. What happens if, for example, I reboot my switch? Is the MAC address lost? For example, someone else who knows Cisco might reboot the switch so that he can plug in another PC. Is that possible and allowed? - The answer is in question 1.
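Added example, not part of the thread and not Cisco's code: the reply above says learned sticky addresses live only in running-config unless it is saved before a reload. This Python sketch compares two saved config dumps and lists the sticky MACs that a reload would discard; the sample configs, MAC addresses and function names are constructed for illustration.

```python
import re

# Constructed sample running-config (interfaces and MACs are made up).
RUNNING = """\
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 switchport port-security violation shutdown
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0011.2233.4455
!
interface FastEthernet0/2
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 00aa.bbcc.ddee
!
"""
# Constructed startup-config: saved before Fa0/1 learned its address.
STARTUP = RUNNING.replace(" switchport port-security mac-address sticky 0011.2233.4455\n", "")

# Matches only the learned-address form, not the bare "sticky" enable line.
STICKY = re.compile(
    r"^\s+switchport port-security mac-address sticky ([0-9a-f]{4}(?:\.[0-9a-f]{4}){2})", re.I)

def sticky_macs(config):
    """Map interface name -> set of learned sticky MACs found in a config text."""
    found, iface = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            iface = line.split(None, 1)[1].strip()
        elif not line.startswith(" "):
            iface = None  # "!" or a global command ends the interface block
        elif iface and (m := STICKY.match(line)):
            found.setdefault(iface, set()).add(m.group(1).lower())
    return found

def unsaved_sticky(running, startup):
    """Return {interface: [MACs]} present in running but absent from startup."""
    run, start = sticky_macs(running), sticky_macs(startup)
    result = {}
    for iface, macs in run.items():
        missing = macs - start.get(iface, set())
        if missing:
            result[iface] = sorted(missing)
    return result

if __name__ == "__main__":
    for iface, macs in unsaved_sticky(RUNNING, STARTUP).items():
        print(f"{iface}: {', '.join(macs)} not in startup-config; lost on reload")
```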
09-25-2019 01:57 PM
Hi @silviu1983,
I think this guide answers your questions:
About question 5, I have read that it is advisable to leave a maximum of 2, in case in the future an IP phone and a PC are connected to the same port.
Regards