🛡️ Free practice test question from: Sticky MAC address (Security+)

When Cisco switch port security is configured with sticky MAC addresses and a maximum number of allowed MAC addresses (in this case, 2), the switch learns and stores these MAC addresses in the running configuration. If a third device with a different MAC address attempts to send traffic through that same port, the port security violation logic kicks in.

By default, Cisco switches operate in "shutdown" mode upon a port security violation. This mode places the port in an error-disabled state, effectively disabling it until an administrator manually intervenes. In other words, the original two learned MAC addresses remain, but traffic from the newly connected (third) device triggers the violation and the port shuts down to prevent unauthorized access.

Sticky MAC address filtering is not exclusive to Cisco switches, though Cisco popularized the concept and terminology "port security" with "sticky MAC" in their IOS. Many other switch vendors offer similar features under different names. For example, Juniper, Aruba (HP), and Extreme Networks switches often provide MAC locking, MAC limiting, or static MAC learning functionalities that serve the same overarching purpose: controlling which devices can connect to a port based on their MAC addresses.

While the exact commands, configuration steps, and terminologies vary from one vendor to another, the core idea remains consistent. Managed switches from well-established brands typically include comparable security measures.