Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
383
Views
0
Helpful
3
Replies

Turn of sticky learning, but keep learned MAC addresses

esgengc
Level 1
Level 1

‎09-08-2023 02:10 AM

I've set up multiple interfaces (both access & trunk) on a switch with sticky learning like this:

switchport port-security maximum 10
switchport port-security mac-address sticky
switchport port-security

The trunk interfaces also run 8 VLANs. 
The switch has learned 5 MAC addresses.

How can I now turn off sticky learning WITHOUT losing the already learned addresses? 
Ideally, I want to turn it off and write the learned MACs to the startup-config. 

"no switchport port-security mac-address sticky" deletes all the learned MACs. 

What I'm trying to achieve (this isn't my idea of port-security but what the customer explicitly wants…): 

Turn on port-security with sticky learning. Give the whole system an hour to learn all trustworthy MACs. 
After one hour, have a PEBKAC user turn off learning and have a system with "static" MAC port-security going forward. 

Labels:
0 Helpful
3 Replies 3

balaji.bandi
Hall of Fame
Hall of Fame

‎09-08-2023 02:55 AM

Personallu i will add stick mac address you want to retain in the learned on dynamically to static and remove dynamic sticky option.

switchport port-security mac-address sticky XXX1

switchport port-security mac-address sticky XXX2

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

esgengc
Level 1
Level 1
In response to balaji.bandi

‎09-08-2023 03:45 AM

Thanks for your answer. 
This again would add the address as a "sticky" MAC - right? 
And they would be deleted after "no switchport port-security mac-address sticky".

Wouldn't you want to do "switchport port-security mac-adress a.b.c" instead? 
That way the addresses should be retained after "no switchport port-security mac-address sticky". 

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to balaji.bandi

‎09-08-2023 10:52 AM

switchport port-security mac-address sticky  - Dynamically learning

switchport port-security mac-address sticky xxx - you configuring statically only allowed in that port.

ouldn't you want to do "switchport port-security mac-adress a.b.c" instead?

yes that can be also used - If you enable sticky learning after you enter this command, the secure addresses that were dynamically learned are converted to sticky secure MAC addresses and are added to the running configuration.

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card