11-10-2014 06:46 AM - edited 03-07-2019 09:27 PM
Hello,
we have configured Port-Security on the Cisco Catalyst 3850 Switches on all "access ports" like this:
interface GigabitEthernet1/0/1
switchport mode trunk
switchport nonegotiate
switchport port-security
switchport port-security maximum 50
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
Switch1#sh mac address-table address ecf4.bb01.078b
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
2201 ecf4.bb01.078b STATIC Gi3/0/31
Total Mac Addresses for this criterion: 1
Switch3#sh mac address-table address ecf4.bb01.078b
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
2201 ecf4.bb01.078b STATIC Gi6/0/24
Total Mac Addresses for this criterion: 1
My MAC-Address isn't aging out. And this means I can't connect to any other Port.
After clearing port-security "clear port-security dynamic addressecf4.bb01.078b" everything is fine.
11-10-2014 07:21 AM
I don't think the aging timeout works between switches, I believe its only applicable to one switch at a time.
11-10-2014 09:35 PM
Thanks for your reply.
Why shouldn't it work? If I disconnect my PC I have no activity so my mac address should age out.
So if I want to plug it in to another port after the aging time of 2 Minutes my MAC-Address will be learned and I have network connectivity. That's the plan... otherwise I will be locked out.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide