switchport port-security

All, I'm looking at switchport security on the Cisco switches we have on campus, 2950s & 4500s. I'm confused about the difference between the following commands

conf t
int fast 0/1
switchport port-security mac-address H.H.H

and

conf t
int fast 0/1
switchport port-security mac-address sticky H.H.H

Can anybody tell me why you would use the sticky command in this case and what the material difference between the 2 commands is?

Thanks as ever for your assistance.

FWS

Reply to
firewallstarter

I hope this helps:

"After you have set the maximum number of secure MAC addresses on a port, the secure addresses are included in an address table in one of these ways:

- You can configure all secure MAC addresses by using the switchport port-security mac-address mac_address interface configuration command.

- You can allow the port to dynamically configure secure MAC addresses with the MAC addresses of connected devices.

- You can configure a number of addresses and allow the rest to be dynamically configured.

Note: If the port shuts down, all dynamically learned addresses are removed.

- You can configure MAC addresses to be sticky. These can be dynamically learned or manually configured, stored in the address table, and added to the running configuration. If these addresses are saved in the configuration file, the interface does not need to dynamically relearn them when the switch restarts. Although sticky secure addresses can be manually configured, it is not recommended."


Doan

Reply to
Doan

Thanks for that info but I'm still unclear what the difference between the 2 commands is, if any. The Cisco statement

"Although sticky secure addresses can be manually configured, it is not recommended."

does not give much away. I wonder why this is not recommended?

Thanks,

FWS


Reply to
firewallstarter

The first one is straightforward: you know the mac-address on that port and you configure it so.

The second one gives you more flexibility. The mac-address can be dynamically learned. The actual command you type in is: "switchport port-security mac-address sticky". The router then automatically adds the command: "switchport port-security mac-address sticky H.H.H" once it has learned the mac-address. You can also manually configure it, but you might as well configure it as in the first one.

Doan


Reply to
Doan
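An added example, not part of the thread or of Cisco's documentation: sticky addresses are written to the running configuration when they are learned, and survive a restart only if that configuration is saved. The Python sketch below parses a running and a startup configuration, separates static from sticky secure MAC addresses per interface, and reports sticky entries that have not been saved. The two configurations, the MAC addresses and the function names are constructed for illustration.

```python
import re

# Constructed sample configs (not from the thread). MAC addresses are made up.
RUNNING = """\
interface FastEthernet0/1
 switchport port-security
 switchport port-security mac-address 0011.2233.4455
interface FastEthernet0/2
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 00aa.bbcc.ddee
"""
STARTUP = """\
interface FastEthernet0/1
 switchport port-security
 switchport port-security mac-address 0011.2233.4455
interface FastEthernet0/2
 switchport port-security
 switchport port-security mac-address sticky
"""
MAC_LINE = re.compile(r"switchport port-security mac-address (sticky )?"
                      r"([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\b", re.I)

def secure_macs(config):
    """Map each interface to its static and sticky secure MAC addresses."""
    ports, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # top-level line closes the previous block
            current = None
            if line.startswith("interface "):
                current = ports.setdefault(line.split(None, 1)[1], {
                    "static": set(), "sticky": set(), "sticky_learning": False})
        elif current is None:
            continue
        elif line == "switchport port-security mac-address sticky":
            current["sticky_learning"] = True  # learning enabled, no address yet
        elif (m := MAC_LINE.match(line)):
            current["sticky" if m.group(1) else "static"].add(m.group(2).lower())
    return ports

def unsaved_sticky(running, startup):
    """Sticky MACs present in the running config but missing from the saved one."""
    saved, gaps = secure_macs(startup), {}
    for port, info in secure_macs(running).items():
        missing = info["sticky"] - saved.get(port, {}).get("sticky", set())
        if missing:
            gaps[port] = sorted(missing)
    return gaps
```

Calling `unsaved_sticky(RUNNING, STARTUP)` on the sample data returns the FastEthernet0/2 address, which would have to be relearned after a restart because the running configuration was never saved.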
