![What is switchport port security mac address sticky](https://kumkoniak.com/106.jpg)
![what is switchport port security mac address sticky](https://image.slidesharecdn.com/cmd-150317222626-conversion-gate01/95/cmd-2-638.jpg)
Our switches are running IOS Release 12.1. Cisco’s web site shows this command supported on a 3550 using Cisco IOS Release 12.2(35) SE (see web page). Also, the use of ip source binding was unavailable. Note: The running-config is actually changed to add new “sticky” lines with the actual MAC addresses added: “…sticky #.#.#”. Also, I’ll note here, I attempted to proceed with DAI (Dynamic ARP Inspection), but the switch’s CLI simply returned an error that the ip arp… command is invalid. So this time I used the right IOS, so we get to see some security in action. Port-security mac-address sticky command next time.”
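An added example, not from the original post: a small Python audit of a running-config that separates ports where port-security only limits the MAC count (the behaviour reported on this page, where one PC could be swapped for another) from ports where a sticky address has actually been written into the config. The sample config, interface numbers, MAC address and status labels are constructed for illustration.

```python
import re
# Constructed running-config excerpt; interface numbers and the MAC are made up.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0011.2233.4455
!
interface FastEthernet0/2
 switchport mode access
 switchport port-security
!
interface FastEthernet0/3
 switchport mode access
 switchport port-security mac-address sticky
!
interface FastEthernet0/4
 switchport mode access
"""
STICKY_MAC = re.compile(r"switchport port-security mac-address sticky ((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})", re.I)

def classify(cmds, macs):
    enabled = "switchport port-security" in cmds
    sticky = "switchport port-security mac-address sticky" in cmds
    if not enabled:  # sub-options do nothing until the bare command turns the feature on
        return "sticky-inactive" if sticky else "unprotected"
    if not sticky:   # MAC count is limited, but the learned address is never written to the config
        return "dynamic-only"
    return "pinned" if macs else "sticky-unlearned"

def audit(config):
    """Return {interface: (status, learned sticky MACs)} for every access port."""
    ports, cur = {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            cur = ports.setdefault(raw.split(None, 1)[1], {"cmds": set(), "macs": []})
        elif cur is not None and raw.startswith(" "):
            learned = STICKY_MAC.fullmatch(raw.strip())
            if learned:  # the line IOS adds once an address has been learned
                cur["macs"].append(learned.group(1).lower())
            else:
                cur["cmds"].add(raw.strip())
        else:
            cur = None   # "!" or a global command closes the interface block
    return {name: (classify(p["cmds"], p["macs"]), p["macs"])
            for name, p in ports.items() if "switchport mode access" in p["cmds"]}

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

A port reported as `dynamic-only` matches the setup described here: extra MACs are refused, but nothing ties the port to one specific machine.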
![what is switchport port security mac address sticky](https://www.hitechmv.com/wp-content/uploads/2014/06/mac-stick0071.jpg)
However, later research on the Cisco web site indicates it’s not (see Note 1 below). Though I followed Cisco’s instructions (ISBN-10: 1-58720-171-2), where it indicates that Sticky Learning is the default. “During this practice setup, I found that the 3550 switch DID restrict use of multiple MACs; it didn’t learn a “Sticky MAC” address and permitted me to swap out one PC for another.
![what is switchport port security mac address sticky](https://www.computernetworkingnotes.org/images/intro/ccna-study-guide/switchport-port-security-explained-with-examples.png)
Last time the Sticky wasn’t working quite right (thanks to errors in the Cisco book!): But it does afford some level of protection, so off we go… Shoot, I can even plug in my old Linksys NAT router, have it “clone” my PC’s MAC address, and it will be able to circumvent all of the above-listed exploits.
![what is switchport port security mac address sticky](https://miro.medium.com/max/988/1*6TphHpeooFUNpcHYVquy_A.png)
We can mitigate problems from normal, non-hacker users; presumably hackers could spoof a laptop’s MAC address. It’s easy to see that the VM – Parallels in this case – uses a separate MAC address for its separate IP in the following screen shot:
Cisco’s port-security feature in its switches can restrict a switchport to a single, learned MAC address, potentially preventing such security issues as:

- Unauthorized use of a virtual machine (VM) on a PC, which creates a new MAC address.
- A user unplugging their corporate PC and plugging in an unauthorized laptop.
- A user bringing in their own router, switch or hub to create a rogue network.