Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

Configuring switch port security

We are using port security feature on our c3750 IOS 122-35.SE1. Customer has a laptop which needs access to multiple ports but we get the duplicate MAC addr error trying to assign the address to more than one port. Looking for suggestions on how to configure port security in this scenario


Re: Configuring switch port security

switchport port-security aging type inactivity

switchport port-security aging x

where x is a value in minutes. If you configure 0 as value, you disable aging! So you've to pick for example 1.

This is required if the laptop is not directly attached to the switch. For example connected via a VoIP phone.

If the switch doesn't hear from the host for x minutes, the mac-address is removed from the table.

If the laptop is directly connected, the MAC address is flushed immediately when disconnected.

A unique secure MAC address can only be once present in the MAC address table for a certain VLAN

Community Member

Re: Configuring switch port security

Davy thanks for the response. In other words if I have a port security mac addr xxx assigned to a port and configure this aging option for say 1 minute, then I should be able to successfully

reconnect to that port with a different MAC addr yyy after 1 minute. Does that sound correct?

Thanks again

Re: Configuring switch port security

Hi Bryan,

what's the sense of statically configuring a mac address in this situation? The switch want allow you to configure the same static MAC to two different ports in the same VLAN.

A static MAC address doesn't age out by default. This command is required:

switchport port-security aging static

but what is the sense of configuring a static MAC that possibly will age out?

Community Member

Re: Configuring switch port security

Unfortunately for me, port security static MACs are an organizational network requirement and I have a support group requesting to be able to unplug an existing workstation and connect a specific laptop from the same subnet to that switch port and be able to repeat this step for multiple ports on the same switch. I was hoping to be able to configure the switch port port security to allow this without having to intervene manually, removing and re adding the static MAC address. Thanks

CreatePlease to create content