Dynamically learned MAC addresses
7/15/2023

Switches dynamically build MAC address tables in RAM, which allow the switch to forward incoming frames to the correct target port. By default, an unlimited number of MAC addresses can be learned on a single switch port, whether it is configured as an access port or a trunk port. Switch ports can be secured by defining one or more specific MAC addresses that should be allowed to connect, and by defining violation policies (such as disabling the port) if additional hosts try to gain a connection.

The following command secures a switch port by manually defining an allowed MAC address:

    switch(config-if)# switchport port-security mac-address 00C0.35F0.8301

This command statically defines the MAC address 00C0.35F0.8301 as an allowed host on the switch port. Manually configuring all of your switch ports in this way, however, would require documenting all of your existing MAC addresses and configuring them specifically per switch port, which could be an extremely time-consuming task.

Issuing the switchport port-security mac-address sticky command allows a switch to save a dynamically learned MAC address in its running configuration, which spares the administrator from having to document or configure specific MAC addresses. Once the approved MAC addresses have all been learned, the network administrator simply saves the running-configuration file to NVRAM with the copy running-config startup-config command.

An example of the use of the switchport port-security mac-address sticky command is shown below:

    Switch(config)#interface fastethernet0/16
    Switch(config-if)#switchport port-security maximum 1
    Switch(config-if)#switchport port-security mac-address sticky
    Switch(config-if)#switchport port-security

With the above configuration, if a computer with a MAC address of were plugged into the switch, the following two things would occur:

Only the host with MAC address will be allowed to transmit on the port.
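An added example, not part of the original post: a short Python audit that compares running-config and startup-config text and reports sticky MAC addresses that were learned but never saved to NVRAM, plus ports where port-security options are set without the enabling switchport port-security line. The sample configs, the function names, and the assumed line format for learned sticky entries are illustrative.

```python
import re

# Constructed sample configs; the sticky-entry line format is an assumption.
RUNNING = """\
interface FastEthernet0/16
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 00c0.35f0.8301
 switchport port-security
interface FastEthernet0/17
 switchport port-security mac-address sticky
"""
STARTUP = """\
interface FastEthernet0/16
 switchport port-security mac-address sticky
 switchport port-security
"""

PS = "switchport port-security"
STICKY_MAC = re.compile(rf"^{PS} mac-address sticky ((?:[0-9a-f]{{4}}\.){{2}}[0-9a-f]{{4}})$", re.I)

def parse(config):
    """Map each interface name to its list of stripped sub-commands."""
    ifaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = ifaces.setdefault(line.split(None, 1)[1], [])
        elif not line.startswith(" "):
            current = None  # left the interface block
        elif current is not None:
            current.append(line.strip())
    return ifaces

def sticky_macs(cmds):
    return {m.group(1).lower() for c in cmds if (m := STICKY_MAC.match(c))}

def audit(running, startup):
    """Return {interface: [findings]} for ports that need attention."""
    saved, report = parse(startup), {}
    for name, cmds in parse(running).items():
        findings = []
        if PS not in cmds and any(c.startswith(PS + " ") for c in cmds):
            findings.append("port security configured but not enabled")
        unsaved = sticky_macs(cmds) - sticky_macs(saved.get(name, []))
        if unsaved:  # learned entries would be lost on reload
            findings.append("sticky MAC not in startup-config: " + ", ".join(sorted(unsaved)))
        if findings:
            report[name] = findings
    return report

print(audit(RUNNING, STARTUP))
```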