MAC address sticky - help please!

Hello - I am working on a Cisco 2950 switch. Tried one of the labs from CCNA semester 3 that involves working with a sticky command. fa 0/4 is connected to PC1, then made sticky using switchport port-security mac-address-table sticky

The port was set to shutdown upon violation of more than one MAC being assigned.

So that was set up - cable was unplugged and a new PC was plugged into the same port (0/4). I thought that as soon as this was plugged in, the port would shut down - but PING was working from this PC. However, when changing the cable back to the original PC the port promptly shut down - requiring the interface 0/4 to be shut via the CLI and then no shut (no shut on its own didn't work). The MAC of PC1 was made static before any port security commands were added (I was told to do this in the lab notes). I followed the Cisco notes for the lab verbatim - so am unsure what has gone wrong. TIA

gregg johnstone

What does a "show port-security address interface fa 0/4" give you before the cable was unplugged?

Doan


Thanks for that - won't be able to get to lab until next week

gregg johnstone

My guess is this. The sticky command plays no role in this problem. The PC1 MAC address was made static before you set the switchport violation command. Switchport protection only works on dynamic MAC addresses. This would explain why the port was shut down when PC1 was reconnected. The new PC which you connected was dynamic so that was registered to the port. On reconnecting PC1 the violation was triggered. Maximum defaults to 1.

By the way, I think the command is switchport port-security mac-address sticky, and you should enter plain switchport port-security without keywords to activate port security before entering the command with keywords (that's what CISCO says).

Brian B

That makes a lot of sense - when I followed the lab instructions, you had to make PC1 a static in the MAC address table. Then when you swapped the cables over for another PC - that was dynamic - in the MAC table you had 2 MAC addys for the same port - then when changing back to original PC1 - you get shutdown. My tutor (who I have to admit, through his own admission, has very little knowledge of Cisco switches) claims that this was part of the lab? This wasn't a challenge lab - you were just meant to follow the instructions, so my question is why would you be told to enter a static MAC address when this would make the lab run incorrectly? Many thanks, btw if anyone can give me the command sequence to make this work correctly I would be very grateful.

gregg johnstone

I am not sure why CISCO set their labs up to do strange things. :))))) I am also not happy with the way CISCO describes things in their documentation or even their examination questions. Very often it is vague or the English grammar is incorrect, leading to misinterpretation by students/users.

Anyway, maybe the static command was part of a previous exercise and not meant to be part of the sticky lab??

I have never tried the sticky command myself as I do not have access to a 2950 (or another switch). I only quoted what I saw in their documentation, but it seems to imply that sticky only works with dynamically added secure MAC addresses. Static MAC addresses for that port do not count when it comes to sticky business. The book also mentions you must enter 'switchport port-security' without keywords as the first command on the interface to activate port-security before entering it again with the keywords. Also, you must save the running to start-up if you want the secure MAC addresses to remain active after the next reload.

Brian B
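
The command sequence discussed in the replies above, written out as an added example that is not part of the original thread or of the Cisco lab notes. Interface fa0/4 comes from the thread; the MAC address and VLAN are constructed placeholders, and removing the static entry first follows Brian B's guess rather than a confirmed cause.

```cisco
! Added example. fa0/4 is from the thread; 0000.0000.0001 and VLAN 1
! are constructed placeholders for PC1's MAC address and the port's VLAN.
enable
configure terminal
! Remove the static MAC table entry the lab notes had added for PC1,
! so the address can be learned as a secure (sticky) address instead.
no mac-address-table static 0000.0000.0001 vlan 1 interface FastEthernet0/4
interface FastEthernet0/4
 ! Port security is only accepted on a static access port.
 switchport mode access
 ! Activate port security first, without keywords.
 switchport port-security
 ! One secure address, and err-disable the port on a violation
 ! (both are also the defaults; stated here so the intent is visible).
 switchport port-security maximum 1
 switchport port-security violation shutdown
 ! Convert the dynamically learned address into a sticky secure address
 ! that is written into the running configuration.
 switchport port-security mac-address sticky
end
! Check before swapping cables: PC1 should be the only secure address
! and the port status should be Secure-up.
show port-security interface FastEthernet0/4
show port-security address
show running-config interface FastEthernet0/4
! Sticky addresses survive a reload only if the running config is saved.
copy running-config startup-config
! After a violation the port is err-disabled; bring it back with
! shutdown followed by no shutdown, as the original poster found.
configure terminal
interface FastEthernet0/4
 shutdown
 no shutdown
end
```

With PC1 learned as the sticky address, plugging a second PC into fa0/4 should be the event that raises the violation, which is the behaviour the original poster expected.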

Very often it

That I totally agree with - I emailed Cisco, who sent me an email saying that it was not possible for them to fix individual questions and I should ask my tutors (one of whom left over 2 months ago); the other tutor (who I told Cisco about) openly admits to having no knowledge of switches (he is close to retirement) - this is all the help I got. Thanks for the feedback though - I am sure I will be asking for more help soon ;)

gregg johnstone


No problem ;) I posted the question on the Cisco Forum - no replies as of yet.

gregg johnstone

OK. Let me know what CISCO has to say. I am curious!

Brian B
