Quick Question Regarding Port Security

The OCD ICND1 book does not seem to clarify this, but when you are configuring port security and you do not define the MAC addresses of the nodes that are allowed to send frames into a given interface, does the switch default to using the dynamically learned MAC address as the allowed MAC address, which is learned when a frame is received by the switch on that given interface? I assume that it does, but I want to make sure that what I am assuming is correct.

level 1
CCNP R&S · 4 points · 8 months ago

Correct.

There are three types of secure addresses that port security uses:

  • Static - These are addresses that you specifically configure using switchport port-security mac-address xxxx.xxxx.xxxx.

  • Dynamic - These are addresses that the switch learns through the usual process of MAC address learning. These will eventually age out, allowing different MACs to be learned/permitted.

  • Sticky - These are a compromise between static and dynamic. Sticky addresses are learned dynamically, and then added as (functionally) static addresses in the running-config. This means you can learn the address dynamically but not have it time out with MAC table aging. Sticky learning is configured with the switchport port-security mac-address sticky command.
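
The three address types above, as an added example that is not part of the original comment: a small Python audit that reads a running-config excerpt and reports which kind of secure address each interface relies on. The config text, MAC addresses, and the `classify_ports` helper are constructed for illustration; it assumes the bare `switchport port-security` line is what enables the feature on an interface.

```python
import re

# Constructed running-config excerpt (sample data, not from the thread).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport port-security
 switchport port-security mac-address 0011.2233.4455
!
interface FastEthernet0/2
 switchport port-security
!
interface FastEthernet0/3
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 00aa.bbcc.ddee
!
interface FastEthernet0/4
 switchport port-security mac-address sticky
!
"""

MAC = r"[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}"
PS = "switchport port-security"

def classify_ports(config):
    """Return {interface: secure-address type} for a running-config text."""
    ports, name = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            name = raw.split(None, 1)[1]
            ports[name] = {"enabled": False, "static": [], "sticky": False}
        elif name is None:
            continue
        elif line == PS:  # the bare command turns enforcement on
            ports[name]["enabled"] = True
        elif re.fullmatch(rf"{PS} mac-address sticky( {MAC})?", line):
            ports[name]["sticky"] = True  # sticky learning or a learned entry
        elif m := re.fullmatch(rf"{PS} mac-address ({MAC})", line):
            ports[name]["static"].append(m.group(1).lower())
    result = {}
    for name, p in ports.items():
        kinds = (["static"] if p["static"] else []) + (["sticky"] if p["sticky"] else [])
        # Nothing configured beyond the bare command: the dynamic case asked about.
        label = "+".join(kinds) or "dynamic"
        result[name] = label if p["enabled"] else "not enforced"
    return result
```

FastEthernet0/4 is the case worth checking for in a real audit: address options are configured, but without the bare `switchport port-security` line nothing is enforced on that port.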

level 1
CCNA R&S · Original Poster · 1 point · 8 months ago

Perfect explanation. Thanks!
