# Dynamic MAC address learning #
Note: A dynamic access port (dynamic port VLAN membership) must be connected to an end station. This type of port can be configured with the “switchport access vlan dynamic” command in interface configuration mode. Please read more about Dynamic access port here:

The first command, 2950Switch(config-if)# switchport port-security, enables port security on a switch port.

For the second command, 2950Switch(config-if)# switchport port-security mac-address sticky, we need to know that the full syntax of this command is switchport port-security mac-address sticky. The STICKY keyword is used to make the MAC address appear in the running configuration, and you can save it for later use. If you do not specify any MAC addresses after the STICKY keyword, the switch will dynamically learn the attached MAC address and place it into your running configuration. In this case, the switch will dynamically learn the MAC address of host A and add this MAC address to the running configuration.

In the last command, 2950Switch(config-if)# switchport port-security maximum 1, you limited the number of secure MAC addresses to one and dynamically assigned it (because no MAC address is mentioned, the switch will learn the MAC address of the device attached to interface fa0/1). The workstation attached to that port is assured the full bandwidth of the port. Therefore only host A will be allowed to transmit frames on fa0/1 -> B is correct.

After you have set the maximum number of secure MAC addresses for interface fa0/1, the secure addresses are included in the “Secure MAC Address” table (this table is similar to the MAC Address Table, but you can only view it with the show port-security address command).

The switch could use the “this frame is coming from a LAG member” part of that encapsulation to influence dynamic MAC learning. It might be easiest to give up, disable dynamic MAC learning on the peer link, and use a control-plane MAC address advertisement protocol between MLAG cluster members.
Follow these guidelines when configuring port security:

+ Port security can only be configured on static access ports, trunk ports, or 802.1Q tunnel ports.
+ A secure port cannot be a dynamic access port.
+ A secure port cannot be a destination port for Switched Port Analyzer (SPAN).
+ A secure port cannot belong to a Fast EtherChannel or Gigabit EtherChannel port group.
+ You cannot configure static secure or sticky secure MAC addresses on a voice VLAN.
+ When you enable port security on an interface that is also configured with a voice VLAN, you must set the maximum allowed secure addresses on the port to at least two.
+ If any type of port security is enabled on the access VLAN, dynamic port security is automatically enabled on the voice VLAN.
+ When a voice VLAN is configured on a secure port that is also configured as a sticky secure port, all addresses seen on the voice VLAN are learned as dynamic secure addresses, and all addresses seen on the access VLAN (to which the port belongs) are learned as sticky secure addresses.
+ The switch does not support port security aging of sticky secure MAC addresses.
+ The protect and restrict options cannot be simultaneously enabled on an interface.
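
Three of the port security guidelines can be checked mechanically against a saved running configuration. The script below is an added example, not part of the original page: the sample configuration is constructed, the function names are hypothetical, and it assumes the default maximum of one secure address when no maximum line is present.

```python
import re

# Constructed sample running-config fragment (not taken from the original page).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address sticky
!
interface FastEthernet0/2
 switchport voice vlan 20
 switchport port-security
!
interface FastEthernet0/3
 switchport access vlan dynamic
 switchport port-security
!
interface FastEthernet0/4
 channel-group 1 mode on
 switchport port-security
"""

def parse_interfaces(config):  # interface name -> list of its sub-commands
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1], [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the interface block
    return interfaces

def audit_port_security(config):
    """Return (interface, finding) pairs for secure ports that break a guideline."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        if "switchport port-security" not in cmds:
            continue  # port security is not enabled on this port
        joined = "\n".join(cmds)
        m = re.search(r"^switchport port-security maximum (\d+)$", joined, re.M)
        limit = int(m.group(1)) if m else 1  # assumed default when no maximum line
        if "switchport access vlan dynamic" in cmds:
            findings.append((name, "dynamic access port"))
        if re.search(r"^channel-group \d+", joined, re.M):
            findings.append((name, "EtherChannel member"))
        if re.search(r"^switchport voice vlan ", joined, re.M) and limit < 2:
            findings.append((name, "voice VLAN with maximum below 2"))
    return findings
```

The SPAN destination guideline is not covered here because it depends on global monitor session commands rather than on the interface block.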