With all due respect to the experts here, I think I may have found the difference.
The CCNA book gives an example and then makes a remark at the end that I think is correct.
Pages 253 to 256
ICND 1
fred#show running-config
(Lines omitted for brevity)
interface FastEthernet0/1
switchport mode access
switchport port-security
switchport port-security mac-address 0200.1111.1111
!
interface FastEthernet0/2
switchport mode access
switchport port-security
switchport port-security mac-address sticky
fred#show port-security interface fastEthernet 0/1
Port Security : Enabled
Port Status : Secure-shutdown
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses : 1
Configured MAC Addresses : 1
Sticky MAC Addresses : 0
Last Source Address:Vlan : 0013.197b.5004:1
Security Violation Count : 1
fred#show port-security interface fastEthernet 0/2
Port Security : Enabled
Port Status : Secure-up
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses : 1
Configured MAC Addresses : 1
Sticky MAC Addresses : 1
Last Source Address:Vlan : 0200.2222.2222:1
Security Violation Count : 0
fred#show running-config
(Lines omitted for brevity)
interface FastEthernet0/2
switchport mode access
switchport port-security
switchport port-security mac-address sticky
switchport port-security mac-address sticky 0200.2222.2222
For FastEthernet 0/1, Server 1’s MAC address is configured with the switchport port-security
mac-address 0200.1111.1111 command. For port security to work, the 2960 must
think that the interface is an access interface, so the switchport mode access command is
required. Furthermore, the switchport port-security command is required to enable port
security on the interface. Together, these three interface subcommands enable port security,
and only MAC address 0200.1111.1111 is allowed to use the interface. This interface uses
defaults for the other settings, allowing only one MAC address on the interface, and causing
the switch to disable the interface if the switch receives a frame whose source MAC address
is not 0200.1111.1111.
Interface FastEthernet 0/2 uses a feature called sticky secure MAC addresses. The
configuration still includes the switchport mode access and switchport port-security
commands for the same reasons as on FastEthernet 0/1. However, the switchport port-security
mac-address sticky command tells the switch to learn the MAC address from the
first frame sent to the switch and then add the MAC address as a secure MAC to the running
configuration. In other words, the first MAC address heard “sticks” to the configuration,
so the engineer does not have to know the MAC address of the device connected to the
interface ahead of time.
The show running-config output at the beginning of Example 9-10 shows the
configuration for Fa0/2, before any sticky learning occurred. The end of the example
shows the configuration after an address was sticky-learned, including the switchport
port-security mac-address sticky 0200.2222.2222 interface subcommand, which the
switch added to the configuration. If you wanted to save the configuration so that only
0200.2222.2222 is used on that interface from now on, you would simply need to use the
copy running-config startup-config command to save the configuration.
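
An added example, not part of the original post or the book: a small Python audit that parses the `show port-security interface` outputs quoted above and reports which ports were shut down by a violation and which hold sticky-learned addresses. The function names `parse` and `audit` are hypothetical, and the sample text is the post's own output with the aging lines left out.

```python
import re

# Sample input: the two outputs shown in the post, with the aging lines omitted.
SAMPLE = """\
fred#show port-security interface fastEthernet 0/1
Port Security : Enabled
Port Status : Secure-shutdown
Violation Mode : Shutdown
Maximum MAC Addresses : 1
Sticky MAC Addresses : 0
Last Source Address:Vlan : 0013.197b.5004:1
Security Violation Count : 1
fred#show port-security interface fastEthernet 0/2
Port Security : Enabled
Port Status : Secure-up
Violation Mode : Shutdown
Maximum MAC Addresses : 1
Sticky MAC Addresses : 1
Last Source Address:Vlan : 0200.2222.2222:1
Security Violation Count : 0
"""

CMD = re.compile(r"^\S+#\s*show port-security interface\s+(.+)$", re.IGNORECASE)

def parse(text):
    """Return {interface: {field: value}} from concatenated command outputs."""
    ports, current = {}, None
    for line in text.splitlines():
        cmd = CMD.match(line.strip())
        if cmd:
            current = ports.setdefault(cmd.group(1).strip(), {})
        elif current is not None:
            # Split on the spaced colon only, so "Address:Vlan" and "mac:1" stay intact.
            parts = re.split(r"\s+:\s+", line.strip(), maxsplit=1)
            if len(parts) == 2:
                current[parts[0]] = parts[1]
    return ports

def audit(ports):
    """Flag ports shut down by a violation and ports holding sticky-learned MACs."""
    findings = []
    for name, f in ports.items():
        if f.get("Port Status") == "Secure-shutdown":
            mac, _, vlan = f.get("Last Source Address:Vlan", "").rpartition(":")
            findings.append((name, "violation-shutdown", f"{mac} vlan {vlan}"))
        sticky = int(f.get("Sticky MAC Addresses", "0"))
        if sticky > 0:
            findings.append((name, "sticky-learned", f"{sticky} address"))
    return findings
```

A `sticky-learned` finding is the cue to check whether the running configuration has been saved, since the learned address survives a reload only after `copy running-config startup-config`.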