Sticky MAC – Topic Checklist

What is Sticky MAC?

Sticky MAC is a Cisco port security feature that enables a switch port to dynamically learn MAC addresses and “stick” (save) them to the switch’s running configuration.
Purpose: Increases security by restricting which devices can connect to a switch port, while offering more flexibility than static MAC address assignments.

How Sticky MAC Differs from Static and Dynamic MAC Addresses

| Type    | How Learned                  | Where Stored                  | Persistence                           | Flexibility                        |
|---------|------------------------------|-------------------------------|---------------------------------------|------------------------------------|
| Static  | Manual (by admin)            | Startup/running config        | Persistent (until deleted)            | Low (manual updates)               |
| Dynamic | Learned by switch, not saved | MAC address table (RAM)       | Lost on reload                        | High (auto-learns, but temporary)  |
| Sticky  | Learned dynamically, saved   | Running config (can be saved) | Persistent if saved to startup-config | Best of both: dynamic + persistent |

How Sticky MAC Works

  • When sticky MAC is enabled, the switch learns the MAC addresses of connected devices on a port.
  • These addresses are saved to the running configuration (not just memory).
  • If the running config is saved (write memory), sticky MACs persist after a reboot.
  • If not saved, sticky MAC entries are lost upon reload.

Configuring Sticky MAC

Switch(config)# interface FastEthernet0/10
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security mac-address sticky
Switch(config-if)# switchport port-security maximum 2

Viewing sticky MAC addresses:
show port-security address
show mac address-table sticky
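A defender rarely reads one port at a time; the useful check is to parse a saved running-config and flag ports whose port-security settings do not match the checklist. The script below is an added example, not code from the original checklist or from Cisco: it parses the `interface` stanzas of a `show running-config` capture, extracts the port-security state (enabled, sticky, maximum, violation mode, and the sticky MACs already written into the config), and reports the gaps. The sample config is constructed for the example, and the parser assumes IOS-style one-space indentation under `interface`.

```python
"""Audit port-security settings in a Cisco IOS running-config.

Added example; not code from the original checklist or from Cisco. It parses
the interface stanzas of a saved `show running-config` and reports, per port,
whether port security is enabled, whether sticky learning is on, the configured
maximum, the violation mode and the sticky MAC addresses already "stuck" into
the config. Assumptions: IOS one-space indentation under `interface`, and the
sample config below, which is constructed for this example.
"""
import re

# Constructed sample: three access ports with deliberately different settings.
SAMPLE_RUNNING_CONFIG = """\
!
interface FastEthernet0/10
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security violation shutdown
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0011.2233.4455
 switchport port-security mac-address sticky 0011.2233.4466
!
interface FastEthernet0/11
 switchport mode access
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 00aa.bbcc.ddee
!
interface FastEthernet0/12
 switchport mode access
 switchport port-security
 switchport port-security violation protect
 switchport port-security mac-address sticky
!
"""

# IOS writes MAC addresses as three dotted groups of four hex digits.
MAC_RE = re.compile(r"^[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}$")


def parse_port_security(config):
    """Return {interface: settings} for every interface stanza in config."""
    ports = {}
    current = None
    for raw in config.splitlines():
        line = raw.rstrip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            # IOS defaults: port security off, maximum 1, violation shutdown.
            ports[current] = {"enabled": False, "sticky": False, "maximum": 1,
                              "violation": "shutdown", "learned": []}
            continue
        if not line.startswith(" "):
            current = None          # "!" or a global command ends the stanza
            continue
        if current is None:
            continue
        cmd = line.strip()
        port = ports[current]
        if cmd == "switchport port-security":
            port["enabled"] = True
        elif cmd.startswith("switchport port-security maximum "):
            port["maximum"] = int(cmd.split()[-1])
        elif cmd.startswith("switchport port-security violation "):
            port["violation"] = cmd.split()[-1]
        elif cmd == "switchport port-security mac-address sticky":
            port["sticky"] = True
        elif cmd.startswith("switchport port-security mac-address sticky "):
            mac = cmd.split()[-1]
            if MAC_RE.match(mac):
                port["learned"].append(mac)   # an address already "stuck"
    return ports


def audit(ports):
    """Return {interface: [findings]} for settings the checklist warns about."""
    findings = {}
    for name, port in ports.items():
        issues = []
        if port["sticky"] and not port["enabled"]:
            issues.append("sticky configured but 'switchport port-security' is not enabled")
        if port["violation"] == "protect":
            issues.append("violation mode 'protect' drops silently; prefer restrict or shutdown")
        if len(port["learned"]) > port["maximum"]:
            issues.append(f"{len(port['learned'])} sticky MACs exceed maximum {port['maximum']}")
        if port["enabled"] and port["sticky"] and not port["learned"]:
            issues.append("no sticky MAC learned yet; save the config once devices have connected")
        findings[name] = issues
    return findings


if __name__ == "__main__":
    parsed = parse_port_security(SAMPLE_RUNNING_CONFIG)
    for name, issues in audit(parsed).items():
        print(f"{name}: {'OK' if not issues else '; '.join(issues)}")
```

Feed it the output of `show running-config` captured to a file and it gives a per-port list; the findings are the same items the checklist calls out (sticky without port security enabled, a silent `protect` mode, and ports whose learned addresses have not yet been written to the config).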

Benefits of Sticky MAC

  • Provides enhanced port security with minimal manual intervention.
  • Allows legitimate devices to connect and be authorized automatically.
  • Combines flexibility (dynamic learning) with persistence (when saved).

Sticky MAC vs. Static MAC

| Aspect      | Sticky MAC                         | Static MAC              |
|-------------|------------------------------------|-------------------------|
| Learning    | Dynamically learned & saved        | Configured manually     |
| Persistence | Persists if saved to startup-config | Always persistent       |
| Management  | Easier, less admin effort          | More manual admin work  |

Sticky MAC and Port Security

  • Sticky MAC is a mode of port security on Cisco switches.
  • You can set limits on the number of sticky MAC addresses per port (e.g., maximum 2).
  • Combines with violation actions: protect, restrict, or shutdown (default).

Aging and Removal of Sticky MAC Addresses

  • By default, sticky MAC addresses do not age out.
  • You can manually remove them from running-config or clear all learned addresses:
Switch(config-if)# no switchport port-security mac-address sticky
Switch# clear port-security sticky interface FastEthernet0/10

Security Implications

  • Locks a port to specific MAC addresses, so frames from any other source address trigger a violation (it does not, by itself, detect a spoofed copy of an allowed MAC).
  • Stops unauthorized devices from connecting (port can be shut down on violation).
  • Limitations: If an attacker replaces a device but uses the same MAC, they may gain access. Combine with 802.1X or physical security for stronger protection.

Troubleshooting Sticky MAC Issues

| Symptom                            | Possible Cause                                | Solution                                                        |
|------------------------------------|-----------------------------------------------|-----------------------------------------------------------------|
| Port is err-disabled (shut down)   | Violation of MAC limit or unauthorized device | Check sticky MAC table, use shutdown/no shutdown to reset port  |
| Sticky MACs not saved after reboot | Running-config not saved to startup-config    | Use write memory or copy run start                              |
| Unable to add new device           | MAC address limit reached                     | Increase max allowed MACs or remove old entries                 |

Best Practices

  • Set the maximum number of sticky MAC addresses appropriate for the port use (e.g., 2 for PC + IP phone).
  • Save the configuration after learning sticky MACs (write memory).
  • Monitor with show port-security and show mac address-table sticky.
  • Use violation modes restrict or shutdown for better security.
  • Document all port security settings for auditing.

Example Scenario:

A switch port (Fa0/10) should only allow a PC and IP phone, and block any other devices.
Switch(config)# interface FastEthernet0/10
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security maximum 2
Switch(config-if)# switchport port-security mac-address sticky
Switch(config-if)# switchport port-security violation shutdown

When a third device is connected, the port is automatically disabled (err-disabled) until reset.
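To see the behaviour described in the scenario (and in the "How Sticky MAC Works", "Sticky MAC and Port Security" and "Aging and Removal" sections) step by step, the following is an added model of one access port; it is not the switch's code and not part of the original checklist. It tracks the secure MAC table, the sticky entries written to running-config, what survives a reload depending on whether `write memory` was run, the three violation modes, and the effect of `clear port-security sticky`. The MAC addresses are constructed, and `protect` and `restrict` are modelled identically except that `restrict` counts and logs the violation.

```python
"""Model of a Cisco access port running port security with sticky learning.

Added example; not the switch's code nor from the original checklist. It
simulates one port so the scenario above (Fa0/10 allows a PC and an IP phone,
a third device err-disables the port) can be stepped through, including what
the running-config vs startup-config distinction means after a reload, and
what `clear port-security sticky` does. The MAC addresses are constructed.
Behaviour follows the checklist's description; protect and restrict differ
here only in that restrict counts and logs the violation.
"""

PC, PHONE, ROGUE = "0011.2233.4455", "0011.2233.4466", "dead.beef.cafe"   # constructed


class SecurePort:
    def __init__(self, name, maximum=1, violation="shutdown", sticky=True):
        assert violation in ("protect", "restrict", "shutdown")
        self.name = name
        self.maximum = maximum            # switchport port-security maximum N
        self.violation = violation        # switchport port-security violation ...
        self.sticky = sticky              # switchport port-security mac-address sticky
        self.secure = []                  # secure MAC table for this port (RAM)
        self.running_config = []          # sticky MACs "stuck" into running-config
        self.startup_config = []          # what survives a reload
        self.err_disabled = False
        self.violations = 0
        self.log = []

    def receive(self, mac):
        """Process one ingress frame; return what the port did with it."""
        if self.err_disabled:
            return "dropped (err-disabled)"
        if mac in self.secure:
            return "forwarded"
        if len(self.secure) < self.maximum:
            self.secure.append(mac)
            if self.sticky:
                self.running_config.append(mac)   # saved to config, not just memory
            return "learned"
        # Unknown address and the table is full: the violation action applies.
        self.violations += 1
        if self.violation == "shutdown":
            self.err_disabled = True
            self.log.append(f"{self.name}: violation by {mac}, port err-disabled")
            return "shutdown"
        if self.violation == "restrict":
            self.log.append(f"{self.name}: violation by {mac}, frame dropped")
        return f"dropped ({self.violation})"

    def reset(self):
        """Operator runs shutdown / no shutdown on the port."""
        self.err_disabled = False

    def write_memory(self):
        """copy running-config startup-config."""
        self.startup_config = list(self.running_config)

    def reload(self):
        """Reboot: only what was saved to startup-config comes back."""
        self.running_config = list(self.startup_config)
        self.secure = list(self.running_config)   # sticky entries repopulate the table
        self.err_disabled = False

    def clear_sticky(self):
        """clear port-security sticky interface <name>: forget learned sticky MACs."""
        self.secure = [m for m in self.secure if m not in self.running_config]
        self.running_config = []


def run_scenario():
    """Walk through the checklist scenario and return the observations."""
    port = SecurePort("Fa0/10", maximum=2, violation="shutdown")
    out = {}
    out["frames"] = [port.receive(m) for m in (PC, PHONE, PC, ROGUE, PC)]
    out["err_disabled"] = port.err_disabled
    port.reset()
    port.reload()                          # nobody ran write memory yet
    out["after_reload_unsaved"] = list(port.secure)
    port.receive(PC)
    port.receive(PHONE)
    port.write_memory()                    # now the sticky MACs are persistent
    port.reload()
    out["after_reload_saved"] = list(port.secure)
    out["rogue_after_save"] = port.receive(ROGUE)
    port.reset()
    port.clear_sticky()
    out["after_clear"] = list(port.secure)
    return out


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

Running it shows the two points the checklist stresses: the first reload without `write memory` empties the table, the reload after saving brings both sticky MACs back, and the third device is still refused afterwards with the port going err-disabled.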

Key Points and Exam Tips

| Key Point     | Explanation                                                          |
|---------------|----------------------------------------------------------------------|
| Sticky MAC    | Dynamically learns and “sticks” MACs to config for port security.    |
| Persistence   | Sticky MACs persist after reload only if saved to startup-config.    |
| Limits        | Set max allowed sticky MACs per port (e.g., 2 for PC+phone).         |
| Removal       | Manually clear with clear port-security sticky if needed.            |
| Best Practice | Monitor, document, and save configs after learning MACs.             |

When and Where to Use Sticky MAC:

Deploy on edge/access ports where you want to lock connectivity to a small set of trusted devices, common in enterprise, schools, and sensitive office areas.
Combine with other security features for stronger protection.

1. What is the primary purpose of enabling Sticky MAC on a switch port?

Correct answer is D. Sticky MAC enhances security by learning and saving MAC addresses, restricting port access to known devices.

2. Where are sticky MAC addresses stored by default when learned on a Cisco switch?

Correct answer is C. By default, sticky MAC addresses are saved in the running configuration, not the startup configuration or MAC address table alone.

3. What must you do to make sticky MAC addresses persist after a switch reboot?

Correct answer is B. Sticky MACs persist only if you save the running configuration (using write memory or copy run start).

4. Which of the following best describes the flexibility of Sticky MAC compared to static and dynamic MAC address assignment?

Correct answer is A. Sticky MAC gives the best of both: automatic learning plus the option to make entries persistent.

5. What happens if the number of learned sticky MAC addresses on a port exceeds the maximum configured value?

Correct answer is D. Exceeding the maximum triggers the configured violation action—by default, this is “shutdown” (err-disable).

6. Which command enables sticky MAC on an interface?

Correct answer is B. This command tells the switch to learn and “stick” MAC addresses for port security.

7. How can you view currently learned sticky MAC addresses on a Cisco switch?

Correct answer is C. Both show port-security address and show mac address-table sticky display sticky MACs.

8. Which of the following is a limitation of Sticky MAC security?

Correct answer is A. Sticky MAC only locks ports to MAC addresses, so using the same MAC (spoofing) can bypass this unless combined with other security.

9. Which action is recommended immediately after the switch has learned the allowed sticky MAC addresses?

Correct answer is D. Always save the config so the learned sticky MACs persist after a reboot.

10. What happens if you connect a third unauthorized device to a port configured for sticky MAC with a maximum of 2 addresses and violation mode set to “shutdown”?

Correct answer is B. With violation mode “shutdown,” the port is disabled (err-disabled) if the MAC limit is exceeded.
