switchport port-security aging static command

Answered Question
Sep 29th, 2010

Hi,

Can someone please explain the above command with an example?


many thanks


mahesh

mahesh18 Thu, 09/30/2010 - 07:28

Hi Reza,


Thanks for the reply. I read the following note on the Cisco website, but I did not understand what it means:

You can use port security aging to set the aging time for all secure addresses on a port.

Use this feature to remove and add PCs on a secure port without manually deleting the existing secure MAC addresses while still limiting the number of secure addresses on a port.

If you can explain this to me, please.



mahesh

Correct Answer
Jon Marshall Thu, 09/30/2010 - 09:27
mahesh18 wrote:


Hi Reza,


Thanks for the reply. I read the following note on the Cisco website, but I did not understand what it means:

You can use port security aging to set the aging time for all secure addresses on a port.

Use this feature to remove and add PCs on a secure port without manually deleting the existing secure MAC addresses while still limiting the number of secure addresses on a port.

If you can explain this to me, please.



mahesh


Mahesh


If you have a port security setting of 5 secure addresses allowed then when the switch has learnt these 5 addresses no more addresses will be allowed. If there is no aging time for the entries then the entry simply remains there as long as the switch is up. If you now want to remove one of the PCs and replace it with another you have a problem because the port has already learned 5 addresses so it will not allow another.


This is where you use the aging timer. If for example you set the port-security aging timer to 1 then you would only have to wait one minute before the mac-address for the PC you disconnected is removed and now the switch only has 4 addresses learnt on that port. So you can now add your new PC and it will be allowed on that port and becomes the 5th address learned.


Jon
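
The scenario in the answer above (a maximum of 5 secure addresses with a 1-minute aging timer), written out as an interface configuration. This is an added example, not part of the original thread. The interface name and the static MAC address are constructed placeholders, and the syntax assumes a Catalyst IOS access switch.

```cisco
! Constructed example: interface name and MAC address are placeholders.
configure terminal
interface GigabitEthernet0/1
 switchport mode access
 ! Enable port security and allow at most 5 secure addresses.
 switchport port-security
 switchport port-security maximum 5
 ! One statically configured secure address (documentation-range MAC).
 switchport port-security mac-address 0000.5e00.5301
 ! Age secure addresses out after 1 minute (0 disables aging).
 switchport port-security aging time 1
 ! Default type is absolute (removed 1 minute after being added, even if
 ! still active). Inactivity removes an entry only after 1 minute of silence.
 switchport port-security aging type inactivity
 ! Without this line only dynamically learned addresses age; with it the
 ! static entry above ages out too and frees a slot.
 switchport port-security aging static
end
! Verify: aging time/type, static aging state, and current address count.
show port-security interface GigabitEthernet0/1
! Lists each secure MAC with its type and remaining age in minutes.
show port-security address
```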

mahesh18 Thu, 09/30/2010 - 09:36

Hi Jon,


Many thanks for the wonderful explanation.


best regards

mahesh
