![]() Get my ICND1 and ICND2 courses for $10 here: (you will get ICND2 as a free bonus when you buy the ICND1 course).įor lots more content, visit – learn about GNS3, CCNA, Packet Tracer, Python, Ansible and much, much more. To clear ALL sticky MAC's learned dynamically on the switch, use the “ clear port-security dynamic” command.Get the Packet Tracer course for only $10 by clicking here: This command clears the MAC address learned on the port, in case you want to replace the device with something else on that same port:Ĭlear port-security sticky interface GigabitEthernet0/4 If the person removes the “bad” device and puts the “allowed” device back into the port (the one matching the MAC stored on the switch) the port comes back online and works normal again after the 60 second window expires. With the errdisable recovery, the port will try to come back online, but if the plugged in device does not match the MAC stored in the switchport, it just goes back to errdisable right away. ![]() (Optional) To set the ports to auto-recover from the err-disabled state, rather than have to shut / no shut them manually:Įrrdisable recovery cause psecure-violation Switchport port-security mac-address sticky 18a9.05d6.3f7e vlan access ![]() To view the MAC permitted on the interface:Īfter your port learns the MAC address of the device connected to the switch port, you'll see a line similar to this, having been added to the interface config: Switchport port-security maximum <- to manually specify a MAC that's allowed, or multiple MACs allowed. Switchport port-security mac-address sticky ![]() ![]() Switchport port-security violation shutdown Go under the interface you wish to secure and configure it similar to below: ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |