switch port security

Unanswered Question
Dec 19th, 2007

I have planned to do this:

1. Enable switch port security on the switch ports and allow 3 MAC addresses.

2. Statically add the MAC address of the PC & VoIP phone through the switch port security mac address command.

So now two MAC addresses are added statically and the third MAC will be learned dynamically.

Can we use the aging time only for the dynamically learned MAC addresses?

rajinikanth Thu, 12/20/2007 - 01:07

Hi Krish,

Default settings for switchport port security are:

Aging : Disabled

Aging type : Absolute

Static Aging : Disabled

Since static aging is disabled, you can set the aging for dynamically learned MACs using the command below:

Switch(config-if)# switchport port-security [aging {static | time aging_time | type {absolute | inactivity}}]

Do not use the static keyword in the above syntax, which enables aging for statically configured secure addresses on the port.



gopinath.krishn... Thu, 12/20/2007 - 01:18

Hi Raj,

Thanks for that information.

I think configuring aging time is not possible if I use switch port security with sticky options. Is that correct?

One more query:

I have created two VLANs, 10 & 20.

I wanted to use 20 for voice traffic...

If I configure the interface to which a VoIP phone and a PC get connected with the following, will there be any problem?

Switch(config)# interface gigabitethernet0/1

Switch(config-if)# switchport access vlan 10

Switch(config-if)# switchport voice vlan 20

Switch(config-if)# switchport port-security maximum 2

Switch(config-if)# switchport port-security mac-address 0000.02000.0004 vlan voice

Switch(config-if)# switchport port-security mac-address 0001.00002.0003 vlan access

My question is whether the above is a valid config.
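
An offline check of the interface configuration posted above, added here as an example (it is not part of any poster's reply and is not Cisco tooling). It assumes the defaults quoted earlier in the thread (aging and static aging disabled) plus a default port-wide maximum of 1; the function name, the `PLANNED` sample and its MAC addresses are constructed for illustration.

```python
import re

# Cisco dotted MAC notation: three dot-separated groups of at most four hex digits.
MAC_RE = re.compile(r"^[0-9a-f]{1,4}(\.[0-9a-f]{1,4}){2}$", re.I)
PS = "switchport port-security"

def audit_port_security(config: str) -> dict:
    """Audit the port-security lines of one interface block (hypothetical helper)."""
    enabled, maximum, aging_time, aging_static = False, 1, None, False
    static, bad_macs = [], []
    for raw in config.splitlines():
        line = re.sub(r"^\S+#\s*", "", raw.strip())   # drop "Switch(config-if)# "
        if not line.startswith(PS):
            continue
        args = line[len(PS):].split()
        if not args:
            enabled = True                            # the bare command enables the feature
        elif args[0] == "maximum" and len(args) == 2:
            maximum = int(args[1])                    # port-wide limit (not per-VLAN)
        elif args[:2] == ["aging", "time"]:
            aging_time = int(args[2])                 # minutes
        elif args[:2] == ["aging", "static"]:
            aging_static = True
        elif args[0] == "mac-address" and len(args) > 1 and args[1] != "sticky":
            (static if MAC_RE.match(args[1]) else bad_macs).append(args[1])
    configured = len(static) + len(bad_macs)
    findings = []
    if not enabled:
        findings.append("bare 'switchport port-security' line missing: feature not enabled")
    findings += [f"malformed MAC address: {mac}" for mac in bad_macs]
    if configured > maximum:
        findings.append(f"{configured} static addresses exceed maximum {maximum}")
    if aging_static:
        findings.append("'aging static' set: statically configured addresses age out too")
    return {"enabled": enabled, "dynamic_slots": max(maximum - configured, 0),
            "dynamic_aging_minutes": aging_time, "static_entries_age": aging_static,
            "findings": findings}

# Configuration as posted in the thread.
POSTED = """Switch(config)# interface gigabitethernet0/1
Switch(config-if)# switchport access vlan 10
Switch(config-if)# switchport voice vlan 20
Switch(config-if)# switchport port-security maximum 2
Switch(config-if)# switchport port-security mac-address 0000.02000.0004 vlan voice
Switch(config-if)# switchport port-security mac-address 0001.00002.0003 vlan access"""

# Constructed sample following the plan in the first post: 3 addresses, 2 static, 1 dynamic.
PLANNED = """interface GigabitEthernet0/1
 switchport port-security
 switchport port-security maximum 3
 switchport port-security mac-address 0200.0000.0001
 switchport port-security mac-address 0200.0000.0002
 switchport port-security aging time 10"""
```

On the switch itself, `show port-security interface` reports the enabled state, maximum and aging settings actually in effect.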

royalblues Thu, 12/20/2007 - 06:05

Well, this is an interesting thing to test.

I have read in some Cisco documents that when you enable a voice VLAN, it dynamically creates a trunk to pass the 2 VLANs.

So will this be valid in the above case?


