cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
10533
Views
5
Helpful
6
Replies

switchport port-security aging static command

mahesh18
Level 6
Level 6

hi,

Can someone please explain we the above command with example.

many thanks

mahesh

1 Accepted Solution

Accepted Solutions

mahesh18 wrote:

Hi Reza,

thanks for reply i read from cisco website following note but i did not understand what this mean

You can use port security aging to set the aging time for all secure addresses on a port.

#

Use this feature to remove and add PCs on a secure port without manually deleting the existing secure MAC addresses while still limiting the number of secure addresses on a port.

#

if you can explain me this please

mahesh

Mahesh

If you have a port security setting of 5 secure addresses allowed then when the switch has learnt these 5 addresses no more addresses will be allowed. If there is no aging time for the entries then the entry simply remains there as long as the switch is up. If you now want to remove one of the PC's and replace it with another you have a problem because the pot has already learned 5 addresses so it will not allow another.

This is where you use the aging timer. If for example you set the port-security aging timer to 1 then you would only have to wait one minute before the mac-address for the PC you disconnected is removed and now the switch only has 4 addresses learnt on that port. So you can now add your new PC and it will be allowed on that port and becomes the 5th address learned.

Jon

View solution in original post

6 Replies 6

Reza Sharifi
Hall of Fame
Hall of Fame

Hi Reza,

thanks for reply i read from cisco website following note but i did not understand what this mean

You can use port security aging to set the aging time for all secure addresses on a port.

Use this feature to remove and add PCs on a secure port without manually deleting the existing secure MAC addresses while still limiting the number of secure addresses on a port.

if you can explain me this please

mahesh

mahesh18 wrote:

Hi Reza,

thanks for reply i read from cisco website following note but i did not understand what this mean

You can use port security aging to set the aging time for all secure addresses on a port.

#

Use this feature to remove and add PCs on a secure port without manually deleting the existing secure MAC addresses while still limiting the number of secure addresses on a port.

#

if you can explain me this please

mahesh

Mahesh

If you have a port security setting of 5 secure addresses allowed then when the switch has learnt these 5 addresses no more addresses will be allowed. If there is no aging time for the entries then the entry simply remains there as long as the switch is up. If you now want to remove one of the PC's and replace it with another you have a problem because the pot has already learned 5 addresses so it will not allow another.

This is where you use the aging timer. If for example you set the port-security aging timer to 1 then you would only have to wait one minute before the mac-address for the PC you disconnected is removed and now the switch only has 4 addresses learnt on that port. So you can now add your new PC and it will be allowed on that port and becomes the 5th address learned.

Jon

Hi Jon,

Many thanks for wonderful explanation.

best regards

mahesh

hanzawtunn
Level 1
Level 1

"Switchport port-security aging static" command enables aging of statically configured secured MAC address i.e., the addresses that you configured using “switchport port-security mac-address xxxx.xxxx.xxxx” command.

 

Issuing “switchport port-security aging static” and “switchport port-security aging time x” remove the statically configured address from the address-table and running configure.

 

When you check with “show run interface x” command, you will see that “switchport port-security mac-address xxxx.xxxx.xxxx” is missing from running configuration automatically after the aging time that you configured.

 

By checking with MACOF from Kali Linux and a switch, clear my confusion for this. 

Sir Please Elaborate these things in simple words . 

 

For What Purpose we use SecureStatic Address Aging .??

 

Thanks 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco