MAC ADdress sticky-help please!

Have a question or want to start a discussion? Post it! No Registration Necessary.  Now with pictures!

Threaded View
Hello- I am working on a cisco2950 switch
Tried one of the labs from CCNA semester 3 that involves working with a
sticky command
fa 0/4 is connected to PC1 then made sticky using
switchport port-security mac-address-table sticky

the port was set to shutdown upon violation of more than one MAC being
assigned.

So that was set up -cable was unplugged and a new pc was plugged into
the same port (0/4)
I thought that as soon as this was plugged in, the port would
shutdown-but PING was working from this PC.
However when changing cable back to original PC the port promptly
shutdown- requiring the interface 0/4 to be shut via the CLI and then
no shut(no shut on its own didnt work)
The MAC of PC1 was made static before any port security commands were
added(I was told to do this in the LAB notes)
I followed the Cisco notes for the lab verbatim-so am unsure what has
gone wrong.
TIA


Re: MAC ADdress sticky-help please!
On 15 Nov 2006, gregg johnstone wrote:

Quoted text here. Click to load it
What does a "show port-security address interface fa 0/4" give you before
the cable were unplugged?

Doan



Re: MAC ADdress sticky-help please!

Doan wrote:
Quoted text here. Click to load it

Thanks for that-wont be able to get to lab until next week


Re: MAC ADdress sticky-help please!

My guess is this.  The sticky command plays no role in this problem.
The PC1 MAC address was made static before you set the switchport
violation command.  Switchport protection only works on dynamic MAC
addresses.  This would explain why the port was shut down when PC1 was
reconnected.  The new PC which you connected was dynamic so that
was registered to the port.   On reconnecting PC1 the violation was
triggered.    Maximum defaults to 1.

by the way, I thinkt he command is
switchport port-security mac-address sticky
and
you should enter plain switchport port-security without keywords to
activate port security, before entering the command with keywords.
(that's what CISCO says)


On 17 Nov 2006 10:26:42 -0800, "gregg johnstone"

Quoted text here. Click to load it

Re: MAC ADdress sticky-help please!

Brian B wrote:
Quoted text here. Click to load it

That makes alot of sense-when I followed the lab instructions ,you had
to make PC1 a static in the MAC address table.
Then when you swapped the cables over for another PC -that was
dynamic-in the MAC table
you had 2 MAC addys for the same port-then when changing back to
original PC1 -you get shutdown,
my tutor (who I have to admit ,through his own admission , has very
little knowledge of Cisco Switches) claims that this was part of the
Lab?
This wasnt a challenge lab-you were just meant to follow the
instructions, so my question is why would you be told to enter a static
MAC address-when this would make the LAB run incorrectly?
Many thanks, btw if anyone can give me the command sequence to make
this work correct I would very grateful.


Re: MAC ADdress sticky-help please!

I am not sure why CISCO set their labs up to do strange things.:)))))
I am also not happy with the way CISCO describes things in their
documentation or even their examination questions.  Very often it
is vague or the english grammar is incorrect, leading to
mis-interpretation by students/users.

Anyway, maybe the static command was part of a previous    
exercise and not meant to be part of the sticky lab ??

I have never tried the sticky command myself as I do not have
access to a 2950 (or another switch).  I only quoted what I saw in
their documentation but it seems to imply that sticky only works with
dynamically added secure MAC addresses.  Static MAC addresses
for that port do not count when it comes to sticky business.
The book also mentions you must enter
'switchport port-security' without keywords as the first command on
the interface to activate port-security before entering it again with
the keywords.
Also, you must save the running to start-up if you want the secure MAC
addresses to be remain active after the next reload.



On 20 Nov 2006 10:57:28 -0800, "gregg johnstone"

Quoted text here. Click to load it

Re: MAC ADdress sticky-help please!

Brian B wrote:
Quoted text here. Click to load it

Very often it
Quoted text here. Click to load it

That I totally agree with-I emailed cisco-who sent me an email saying
that it was not possible for them to fix individual questions and I
should ask my tutors(one of whom left over 2 months ago)) the other
tutor(who I told cisco about) openly admits to having no knowledge of
Switches(he is close to retirement)-this is all the help I got.
Thanks for the feedback though-I am sure I wil be asking for more help
soon ;)


Re: MAC ADdress sticky-help please!

Best of luck in trying to sort out the problem.
I will try to help if I can, but I'm no expert as I'm still learning
CISCO myself !:)))

On 21 Nov 2006 14:21:51 -0800, "gregg johnstone"

Quoted text here. Click to load it

Re: MAC ADdress sticky-help please!

Brian B wrote:
Quoted text here. Click to load it

No problem ;)
I posted the question on the Cisco Forum-no replies as of yet-


Re: MAC ADdress sticky-help please!
OK.  Let me know what CISCO has to say.
I am curious !



On 23 Nov 2006 13:54:23 -0800, "gregg johnstone"

Quoted text here. Click to load it

Site Timeline