Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

edw
New Member

Port Security Aging

Hi,

I have tried to setup port security and it has worked to a point.

I have the port security locking out other mac address which aren't on my list, however the port aging doesn't seem to be working.

My list for the port is:

port security

port security max-mac-count 1

port security action shutdown

port security aging time 60

switchport access vlan x

spanning-tree portfast

mac-address-table secure 0000.0000.0000 fastethernet0/21 vlan x

All works except the aging isnt shutting the port down after 60 mins of inactivity.....

I want to get it to a point where if the port is unplugged for x amount of time. The port shutdown and requires intervention.

Thanks


Ed

9 REPLIES
Purple

Port Security Aging

Hi,

Taken from here:https://supportforums.cisco.com/docs/DOC-4868

You can issue the port security aging or  switchport port-security aging time

command to set the aging time for all dynamic and static secure  addresses on a port. When port security aging is enabled on a port, the  secure addresses on the port are deleted only if they are inactive for  the specified aging time.

So it will not do what you want to achieve.

Regards.

Alain

Don't forget to rate helpful posts.
edw
New Member

Re: Port Security Aging

But surely the described statement is exactly what I'm doing?? Isn't it?

Port ageing is added

Mac address secure is added

Computer is removed for 60 minutes - no change....

Thanks

Ed

Sent from Cisco Technical Support iPhone App

Purple

Port Security Aging

Hi,

I don't see that the port will be errdisabled when the secure MAC address is deleted from CAM table, why would it anyway?

the port will get errdisabled if there is a MAC address different from the secure one that appears as src on the port.

This aging time feature is useful to  prevent from MAC-MOVE notifications but not for disabling the port as far as I know.

Regards.

Alain

Don't forget to rate helpful posts.
edw
New Member

Port Security Aging

Hi,

Thanks for the reply. What's intreasting is the mac isn't deleted from the mac-address-table, so it's still able to reconnect afterwards.

Unless I'm miss understanding. If the mac is deleted from the table after the aging timeout then surely it won't be able to reconnect to the port until the mac address is re-added added ?

It looks like on the newer OS you can tell the aging timeout to make the port inactivity as part of aging activity.

However I'm using slightly older version and though the mac address removing should have worked..??

Thanks


Ed

edw
New Member

Port Security Aging

Anyone know how I could achieve what I want to do ?

Thanks


Ed

Purple

Port Security Aging

Hi,

the question is what exactly do you want to achieve ?

Regards.

Alain

Don't forget to rate helpful posts.
edw
New Member

Port Security Aging

Hi,

I want to get it to a point where if the port is unplugged for x amount of time. The port does a shutdown and requires intervention to reactive it.

IE I have a load of exhibits on our floor. However, sometimes exhibits get taken offsite for a few days and then brought back and plugged in. I want as a safty precaution for that port not to allow that machine back on until a a IT member has checked it.

Thanks


Ed

Purple

Port Security Aging

Hi,

which platform and which OS ?

Regards.

Alain

Don't forget to rate helpful posts.
edw
New Member

Port Security Aging

CIsco 3524XL with 12.0-5 (WC17)

419
Views
0
Helpful
9
Replies