Port Security


Can you please clear my doubt: if a switch is learning MAC addresses using the sticky keyword, will it only learn the number of MAC addresses that is mentioned in the switchport port-security Mac-address maximum command?

If we don’t specify any number with the maximum keyword, then it will be only 1 MAC address… if we specify 5, then it will learn only the first 5 MAC addresses and after that go into violation if any other MAC address comes up.
But what happens if you disconnect a PC from these 5 learned MAC addresses and then plug in a new PC with a new MAC?


Hello Sumant

Yes, this is correct. If you configure a port with port security to be sticky, then it will only learn and retain the number of MAC addresses that are defined by the maximum configured.

Yes, this is also correct. The default value for maximum is one. If there is a violation of any kind, that is, if the number of MAC addresses detected exceeds the maximum configured, the port goes into err-disabled state by default. This behaviour can however be adjusted.

Sticky MAC addresses, once learned, are actually stored in the running configuration, and they remain there forever. If the device is rebooted, those sticky MAC addresses are lost, unless the running config is saved to the startup config. If you unplug a device and plug in a new one and the new MAC violates the maximum, the port goes into err-disabled state. In order to get a new MAC to actually function, you must go into the configuration and remove the old MAC addresses to make room for new ones to be learned via the sticky operation.

I hope this has been helpful!
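
The procedure described in the answer above, written out as Cisco IOS commands. This is an added example, not part of the original posts. The interface name and the MAC address are constructed placeholders, and exact syntax can vary by platform and software release.

```cisco
! Constructed example: GigabitEthernet0/1 and 0011.2233.4455 are placeholders.
!
! 1. Enable port security with sticky learning and a maximum of 5 addresses.
!    "violation shutdown" is the default action (port goes err-disabled).
configure terminal
interface GigabitEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 5
 switchport port-security mac-address sticky
 switchport port-security violation shutdown
end
!
! 2. Check which addresses have been learned and whether the port tripped.
show port-security interface GigabitEthernet0/1
show port-security address
show interfaces status err-disabled
!
! 3. Make room for a new device: remove the stale sticky entry of the
!    PC that was unplugged. Unplugging alone does not free the slot.
configure terminal
interface GigabitEthernet0/1
 no switchport port-security mac-address sticky 0011.2233.4455
end
!
!    Alternative: drop every sticky entry on the port and relearn from scratch.
clear port-security sticky interface GigabitEthernet0/1
!
! 4. If the port is already err-disabled, bounce it after freeing the slot.
configure terminal
interface GigabitEthernet0/1
 shutdown
 no shutdown
end
!
! 5. Sticky entries live in the running config; save them to survive a reboot.
copy running-config startup-config
```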