
Quick Question Regarding Port Security

The OCD ICND1 book does not seem to clarify this, but when you are configuring port security and you do not define the MAC addresses of the nodes that are allowed to send frames into a given interface, does the switch default to using the dynamically learned MAC address as the allowed MAC address, which is learned when a frame is received by the switch on that given interface? I assume that it does, but I want to make sure that what I am assuming is correct.

CCNP R&S · 4 points · 8 months ago


There are three types of secure addresses that port security uses:

  • Static - These are addresses that you specifically configure using switchport port-security mac-address xxxx.xxxx.xxxx.

  • Dynamic - These are addresses that the switch learns through the usual process of MAC address learning. These will eventually age out, allowing different MACs to be learned/permitted.

  • Sticky - These are a compromise between static and dynamic. Sticky addresses are learned dynamically, and then added as (functionally) static addresses in the running-config. This means you can learn the address dynamically but not have it time out with MAC table aging. Sticky learning is configured with the switchport port-security mac-address sticky command.
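
The three address types from the answer above, side by side, as an added IOS configuration example that is not part of the original thread. The interface numbers, VLAN 10 and the MAC address are constructed placeholders.

```cisco
! Constructed example: interface numbers, VLAN and MAC address are placeholders.
! Port security can only be enabled on a port with a fixed mode (access or trunk),
! so each interface is set to access mode first.
!
interface FastEthernet0/1
 description Static - only the configured address is allowed
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address 0200.1111.2222
!
interface FastEthernet0/2
 description Dynamic - no address configured, so the switch learns them
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security maximum 2
 ! Secure-address aging time, in minutes
 switchport port-security aging time 10
!
interface FastEthernet0/3
 description Sticky - learned dynamically, written to the running-config
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address sticky
!
! Verification, from privileged EXEC mode:
!   show port-security interface FastEthernet0/2
!   show port-security address
!   show running-config interface FastEthernet0/3
```

In the `show port-security address` output the Type column distinguishes the three cases (SecureConfigured, SecureDynamic, SecureSticky). Sticky entries sit in the running-config only, so they are lost on reload unless the configuration is saved.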

CCNA R&S · Original Poster · 1 point · 8 months ago

Perfect explanation. Thanks!
