Configuring Port Security
Enabling Port Security with Sticky MAC Addresses on a Port
To enable port security with sticky MAC addresses on a port, perform this task:
Command
Step 1
Router(config)# interface type
Step 2
Router(config-if)# switchport port-security
mac-address sticky
Router(config-if)# no switchport port-security
mac-address sticky
1.
type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet
When enabling port security with sticky MAC addresses, note the following information:
•
•
•
This example shows how to enable port security with sticky MAC addresses on Fast Ethernet port 5/12:
Router# configure terminal
Enter configuration commands, one per line.
Router(config)# interface fastethernet 5/12
Router(config-if)# switchport port-security mac-address sticky
Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY
43-8
1
slot/port
When you enter the switchport port-security mac-address sticky command:
All dynamically learned secure MAC addresses on the port are converted to sticky secure MAC
–
addresses.
Static secure MAC addresses are not converted to sticky MAC addresses.
–
Secure MAC addresses dynamically learned in a voice VLAN are not converted to sticky MAC
–
addresses.
New dynamically learned secure MAC addresses are sticky.
–
When you enter the no switchport port-security mac-address sticky command, all sticky secure
MAC addresses on the port are converted to dynamic secure MAC addresses.
To preserve dynamically learned sticky MAC addresses and configure them on a port following a
bootup or a reload, after the dynamically learned sticky MAC addresses have been learned, you must
enter a write memory or copy running-config startup-config command to save them in the
startup-config file.
Chapter 43
Purpose
Selects the LAN port to configure.
Enables port security with sticky MAC addresses on a
port.
Disables port security with sticky MAC addresses on a
port.
End with CNTL/Z.
Configuring Port Security
OL-11439-03