Cisco Support Community
New Member

port-security aging time too low?

We are gearing up to implement port security in our environment and we are considering an aging type of inactivity and an aging time of 2 minutes. This is to allow for PC and other equipment changes without requiring manual intervention.

Is there an aging time (other than 0) that would negatively affect switch performance? As I indicated above, we are currently considering two minutes. How about 2 seconds? Is this something to be concerned about?

1 REPLY
Hall of Fame Super Silver

Re: port-security aging time too low?

Hello Morgan,

if you set an aging time of type inactivity of 2 seconds you get:

a useless port security configuration: everyone can come and plug their laptop into the port without a chance of being blocked

I would also worry about CPU usage: there should be a process that checks MAC addresses on all secured ports: setting a 2-second aging time will likely increase the frequency of this check, and so this could lead to a bigger CPU load.

You can address this issue by informing tech people to wait 2 minutes before plugging in the new device: cable changes shouldn't happen very often.

If instead the scenario is with many changes you could consider the usage of 802.1X authentication.

Hope to help

Giuseppe
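
The setup discussed in this thread, written out as an added example (not posted by either participant): an access port with inactivity aging at 2 minutes, followed by the commands that show whether aging behaves as intended. The interface name, the limit of one MAC address and the `restrict` violation mode are assumptions; on Catalyst IOS the `aging time` value is given in minutes, so check the command reference for your platform before planning anything shorter.

```cisco
! Assumed access port; substitute your own interface or use "interface range".
interface GigabitEthernet1/0/10
 switchport mode access
 ! Enable port security and allow a single learned MAC address (assumption).
 switchport port-security
 switchport port-security maximum 1
 ! restrict: drop frames from unknown MACs, count the violation and log it,
 ! but leave the port up. "shutdown" (the default) err-disables the port.
 switchport port-security violation restrict
 ! Age out a learned address after 2 minutes without traffic from it.
 ! With type "absolute" the entry is removed 2 minutes after it was
 ! learned, whether or not the device is still sending.
 switchport port-security aging time 2
 switchport port-security aging type inactivity
end
!
! Verification from privileged EXEC:
! Shows port status, violation mode, aging time/type and violation count.
show port-security interface GigabitEthernet1/0/10
! Lists secured MAC addresses per port with the remaining age in minutes.
show port-security address
! Per-port summary: maximum, current address count, violation count, action.
show port-security
```

A rising violation counter on a port right after a planned device swap means the old address had not yet aged out, which is the 2-minute wait the reply describes.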
