What is the use case of the Switch(config-if)# switchport port-security mac-address sticky 0000.1111.1111
command?
By definition, a sticky address is a learned secure address that is added to the running configuration. By definition, a configured address is a secure address that is statically configured via Switch(config-if)# switchport port-security mac-address 0000.2222.2222
.
By manually adding a sticky address, I've added a configured address. The command seems to me redundant and contradictory to the concept of a sticky MAC address.
Even the debug port-security
entries in the system log call a sticky a configured address. After having issued Switch# clear port-security sticky address 0000.1111.1111
, there are entries such as PSECURE: Deleting secure MAC address 0000.1111.1111 on port
and PSECURE: Address is sticky on port
and PSECURE: Delete configured address: 0000.1111.1111 from subblock
.
Best Answer
While you can manually configure a sticky address, it is not usually used that way (and in fact Cisco recommends against it):
In other words, when you want to manually configure a MAC address on a port, you use
but when you want the switch to automatically learn the first MAC seen on a port and remember that (even if there is no traffic seen from that MAC for a long time), then you use:
and after the swich learns a MAC address, you will see that it has automatically added: