Which command will save a dynamically learned MAC addre…

Which command will save a dynamically learned MAC address in the running-configuration of a Cisco switch?

A.
switchport port-security mac-address

B.
switchport port-security

C.
switchport port-security sticky mac-address

D.
switchport port-security mac-address sticky

E.
switchport mac-address sticky

Explanation:
Issuing the switchport port-security mac-address sticky command allows a switch to save a dynamically learned MAC address in the running-configuration of the switch, which spares the administrator from having to document or configure specific MAC addresses. Once the approved MAC addresses have all been learned, the network administrator simply saves the running-configuration file to NVRAM with the copy running-config startup-config command.
Switches dynamically build MAC address tables in RAM, which allow the switch to forward incoming frames to the correct target port. By default, an unlimited number of MAC addresses can be learned on a single switch port, whether it is configured as an access port or a trunk port. Switch ports can be secured by defining one or more specific MAC addresses that should be allowed to connect, and by defining violation policies (such as disabling the port) if additional hosts try to gain a connection. The following command secures a switch port by manually defining an allowed MAC address:
switch(config-if)# switchport port-security mac-address 00C0.35F0.8301
This command statically defines the MAC address 00C0.35F0.8301 as an allowed host on the switch port. Manually configuring all of your switch ports in this way, however, would require documenting all of your existing MAC addresses and configuring them specifically per switch port, which could be an extremely time-consuming task.
An example of the use of the switchport port-security mac-address sticky command is shown below:
Switch(config)#interface fastethernet0/16
Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security mac-address sticky
Switch(config-if)#switchport port-security maximum 1
With the above configuration, if a computer with a MAC address of 0000.00bb.bbbb were plugged into the switch, the following two things would occur:
Only the host with MAC address 0000.00bb.bbbb will be allowed to transmit on the port. This is a result of the port-security mac-address sticky command, which instructs the switch to learn the next MAC address it sees on the port, and of the port-security maximum 1 command, which further instructs the switch that the address learned is the only address allowed on the port.
All frames arriving at the switch with a destination address of 0000.00bb.bbbb will be forwarded out on Fa0/16.
The switchport port-security mac-address sticky command can also be used in combination with the interface range command to make every port on the switch behave in this fashion, as shown below for a 24-port switch.
Switch(config)#interface range fastethernet0/1-24
Switch(config-if-range)#switchport port-security
Switch(config-if-range)#switchport port-security mac-address sticky
Switch(config-if-range)#switchport port-security maximum 1
The switchport port-security mac-address command is incorrect since this command requires an additional argument to be valid (either a statically configured MAC address or the sticky option).
The switchport port-security command activates port security on the switch port, but does not configure sticky MAC address learning.
The switchport port-security sticky mac-address and switchport mac-address sticky options are incorrect because these are not valid Cisco IOS commands.
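An added example, not part of the original explanation: a Python audit of two points made above, namely that the sticky option does nothing until switchport port-security activates the port, and that learned sticky addresses sit only in the running-configuration until it is copied to NVRAM. The function names and both sample configurations are constructed for illustration; the code assumes learned addresses appear in the configuration as "switchport port-security mac-address sticky <mac>" lines.

```python
import re

STICKY = "switchport port-security mac-address sticky"
MAC = r"[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}"
# Constructed sample configs, not from a real device. RUNNING holds a learned
# sticky address on Fa0/16 that STARTUP lacks (it was never copied to NVRAM).
RUNNING = """\
interface FastEthernet0/15
 switchport port-security mac-address sticky
!
interface FastEthernet0/16
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0000.00bb.bbbb
!
"""
STARTUP = RUNNING.replace(f" {STICKY} 0000.00bb.bbbb\n", "")

def parse(config):
    """Map interface name -> port-security state found in the config text."""
    ports, cur = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            cur = ports.setdefault(
                m.group(1), {"enabled": False, "sticky": False, "learned": set()})
        elif not line.startswith(" "):
            cur = None  # "!" or a global command ends the interface block
        elif cur is not None:
            cmd = line.strip()
            learned = re.fullmatch(rf"{STICKY} ({MAC})", cmd)
            if cmd == "switchport port-security":
                cur["enabled"] = True  # port security is actually active
            elif cmd == STICKY:
                cur["sticky"] = True   # sticky learning requested
            elif learned:
                cur["learned"].add(learned.group(1).lower())
    return ports

def audit(running, startup):
    """Return sorted (interface, finding) tuples for the two checks."""
    run, start, findings = parse(running), parse(startup), []
    for name, port in run.items():
        if port["sticky"] and not port["enabled"]:
            findings.append((name, "sticky set but port security not enabled"))
        saved = start.get(name, {"learned": set()})["learned"]
        for mac in sorted(port["learned"] - saved):
            findings.append((name, f"{mac} in running-config only"))
    return sorted(findings)
```

Calling audit(RUNNING, STARTUP) on the constructed samples reports Fa0/15 as sticky without port security enabled and Fa0/16 as holding an address that would be lost on reload.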
Objective:
Infrastructure Security
Sub-Objective:
Configure, verify, and troubleshoot port security

Cisco > Catalyst 6500 Release 12.2SXH and Later Software Configuration Guide > Configuring Port Security > Enabling Port Security with Sticky MAC Addresses on a Port
Cisco > Cisco IOS Security Command Reference > show vtemplate through switchport port-security violation > switchport port-security mac-address


