Cisco Support Community
Community Member

Age time in port security

How exactly does age time work in port security? Currently I don't have age time set for port security and I was under the impression that this means that age time is disabled which meant the secure address is active on the port forever.

Recently, though, I have been noticing that even when port security is set and when a computer is unplugged, there is no entry in the Secure-src-addr and consequently the port does not shut down when a different computer or device is plugged in.

The port security config is set to dynamic, violation shutdown for 5 minutes with age time not set. Anyone know what's going on?

Thanks.

5 REPLIES
Community Member

Re: Age time in port security

Hi

Could you please post me the config?

Regds

Adhi

Community Member

Re: Age time in port security

Here is the config of the port security on the affected port:

* = Configured MAC Address

Port  Security Violation Shutdown-Time Age-Time Max-Addr Trap     IfIndex
----- -------- --------- ------------- -------- -------- -------- -------
2/1   enabled  shutdown  5             0        1        disabled 9

Port  Num-Addr Secure-Src-Addr   Age-Left Last-Src-Addr     Shutdown/Time-Left
----- -------- ----------------- -------- ----------------- ------------------
2/1   0        -                 -        00-0b-db-6f-82-d4 no     -

Re: Age time in port security

If port security is set to dynamic, then it's adding the learned addresses to the port. It won't shut the port down unless you have a max-address set. These addresses (unless sticky) will be removed when the switch is reset.

IMHO, there's no point to having port security if you don't set either the amount of accepted addresses on the port in dynamic, or set them to have static mac addresses.

Maybe this will help too:

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.1_19_ea1/configuration/guide/swtrafc.html#wp1042596

--John

HTH, John *** Please rate all useful posts ***
Community Member

Re: Age time in port security

John,

Thanks for the speedy reply. I guess it was not apparent from the posted config but we do have a max address of 1 set for each port and it is dynamic.

Re: Age time in port security

Yeah, I see that now :)

What happens if you ping the device that you put on after switching the cables? Does the port shut down, or does it continue to work?

Can you post the actual config of the port?

sh run int fa0/1 (or whatever port it is)

John
