You can still save an address in the startup-config without sticky, you just have to manually specify it. With sticky, you can learn the address dynamically - then it shows up in the running config and you can save it.
On Sat, Jun 5, 2010 at 11:06 PM, Johan Bornman <[email protected]> wrote: > Kings, > > > > Your first query – If you don’t have the keyword sticky the switch looses > the config after a reboot. > > > > Johan > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Kingsley Charles > *Sent:* 05 June 2010 04:15 PM > *To:* [email protected] > *Subject:* [OSL | CCIE_Security] switch port security > > > > Hi all > > I have couple of queries in the config given below taken from cciedoc > > *Query 1* > > What is the difference between the following two commands: > > *switchport port-security mac-address sticky 0000.0000.0002* > *switchport port-security mac-address 0000.0000.0003* > > Does the sticky keyword disable aging for the secure mac address? > > *Query 2* > > switchport port-security mac-address sticky 0000.0000.0001 vlan acess => > puts the secure mac address in access vlan > switchport port-security mac-address sticky 0000.0000.0001 vlan voice => > pits the secure mac addres in voice vlan > > Now, if I don't specify either access or voice vlan, to which vlan with * > 0000.0000.0003* put into? > > *switchport port-security mac-address 0000.0000.0003* > > > > > > > http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_44_se/configuration/guide/swtrafc.html > > Switch(config)# interface FastEthernet0/1 > Switch(config-if)# switchport access vlan 21 > Switch(config-if)# switchport mode access > Switch(config-if)# switchport voice vlan 22 > Switch(config-if)# switchport port-security > Switch(config-if)# switchport port-security maximum 20 > Switch(config-if)# switchport port-security violation restrict > Switch(config-if)# switchport port-security mac-address sticky > Switch(config-if)# switchport port-security mac-address sticky > 0000.0000.0002 > Switch(config-if)# switchport port-security mac-address 0000.0000.0003 > Switch(config-if)# switchport port-security mac-address sticky > 0000.0000.0001 vlan voice > Switch(config-if)# switchport port-security mac-address 0000.0000.0004 vlan > voice > Switch(config-if)# switchport port-security maximum 10 vlan access > Switch(config-if)# switchport port-security maximum 10 vlan voice > > > With regards > Kings > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
