CCNA question

[sutahz]

I was wondering if someone could explain the following command:
Switch(config-if)#switchport port-security mac-address sticky

Thanks in advance.

 

[spidey07]

It places the current dynamic MAC address learned on the interface into the allowed MAC address list for the port.

 

[sutahz]

so using sticky is that the most recent four or just the first 4? How does sticky work as opposed to:
Switch(config-if)#switchport port-security max <#>
which if I understand correctly records the first 4 and that is its list.

 

[RadiclDreamer]

Sticky is only for the current from what I recall, but I dont use port security a whole lot.

max #

Sets the max number of allowed mac addresses allowed.

 

[Pheran]

Originally posted by: sutahz
so using sticky is that the most recent four or just the first 4? How does sticky work as opposed to:
Switch(config-if)#switchport port-security max <#>
which if I understand correctly records the first 4 and that is its list.

The difference is that sticky permanently remembers those MAC addresses by actually adding them to the switch configuration. With regular dynamic port security, the MACs never get put in the config and the secure MAC list will be cleared out if carrier goes down on the port, or if you configure port-security aging.

Basically dynamic port security is useful if you only care about the maximum number of MACs on a port (this is good protection against MAC flooding attacks), whereas using sticky or hardcoding a MAC list means you care specifically about what devices can plug into that port.

 

[her209]

Sticky makes the first MAC address that it learns for that port "stick". It adds the MAC address to the running-config. You should see the learned mac address using the show run command.

 

[sutahz]

Ok so just to be extra sure as you all state:
sticky is basically, as per my example, the first 4 MACs that 'get in' are the ones that can access the network
as for Switch(config-if)#switchport port-security max <#>
as long as no more than 4 devices are trying to connect the switch's port security is happy.
I'm self studying for CCNA so I have no teacher to consult.
I'm using AT for more than OT

 

[xSauronx]

Originally posted by: sutahz
Ok so just to be extra sure as you all state:
sticky is basically, as per my example, the first 4 MACs that 'get in' are the ones that can access the network
as for Switch(config-if)#switchport port-security max <#>
as long as no more than 4 devices are trying to connect the switch's port security is happy.
I'm self studying for CCNA so I have no teacher to consult.
I'm using AT for more than OT

google works wonders on cisco material. in fact, the cisco website actually has lots of info on things if you poke around...or google and take the cisco link.

 

[spidey07]

For others - any command you ever wanted to understand for Cisco IOS can be found by going to http://www.cisco.com and putting "command reference" for your version. Their site is second to none in terms of documentation.

Reading their reference manuals will also learn you something. In other words, RTFM.

 

[xSauronx]

i have to say, their textbooks are very well written. i start underlining to take notes later on and often find myself underlining *a lot* because they do such a thorough job of describing/explaining things

 

[spidey07]

Originally posted by: xSauronx
i have to say, their textbooks are very well written. i start underlining to take notes later on and often find myself underlining *a lot* because they do such a thorough job of describing/explaining things

I'm only a cisco bigot because of their documentation. I'm not kidding when I say I have 20+ ciscopress books in my library.

You know...books. The things you read with pages.

 

[sutahz]

I did google this before asking the question here. Yes, google did bring me to a cisco.com page, but I still had questions. I'm very sure the information they presented was well laid out and percise for those that know the information. I however have this question (still) and thought to turn to a forum w/ those of technical knowlege to help me along. Thank you for your help so far, I guess I'm on my own+google hell or high water.

 

[spidey07]

Originally posted by: sutahz
I did google this before asking the question here. Yes, google did bring me to a cisco.com page, but I still had questions. I'm very sure the information they presented was well laid out and percise for those that know the information. I however have this question (still) and thought to turn to a forum w/ those of technical knowlege to help me along. Thank you for your help so far, I guess I'm on my own+google hell or high water.

Sorry, I wasn't trying to say don't questions, I love explaining this stuff to people.

I was saying cisco's documentation is really good.