Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

switch port security

Hi

i have planned to do this

1.enable switch port security on the switch ports and allow 3 mac address

2.statically add the mac address of the pc & voip phone through switch port security mac address command

so now two mac address are added statically and third mac will be learned dynamically.

can we use the aging time only for the dynamically learned mac addressess?

5 REPLIES
Bronze

Re: switch port security

Hi Krish,

Default settings for switchport port security is

Aging : Disabled

Aging type : Absolute

Static Aging : Disabled

Since static aging is disabled you can set the aging for dynamic learned MAC using

the below command

Switch(config-if)# switchport port-security

[ aging {static | time aging_time | type

{absolute | inactivity} ]

Do not use static keyword in above syntax which enables aging for statically configured secure addresses on the port.

HTH

Raj

Community Member

Re: switch port security

Hi Raj,

thanks for those information.

i think configuring aging time is not possible if i use switc port security with sticky options.is that correct

one more query

I have created two vlan 10 & 20

i wanted to use 20 for voice traffic...

If i configure the interface to which a voip phone and a pc gets connected with following will there will any problem

Switch(config)# interface gigabitethernet0/1

Switch(config-if)# switchport access vlan 10

Switch(config-if)# switchport voice vlan 20

Switch(config-if)# switchport port-security maximum 2

Switch(config-if)# switchport port-security mac-address 0000.02000.0004 vlan voice

Switch(config-if)# switchport port-security mac-address 0001.00002.0003 vlan access

my question is whether avove is an valid config

Re: switch port security

Yes it is valid

Narayan

Bronze

Re: switch port security

Hi,

Per-VLAN configuration is supported only on trunks.

Since you have configured the interface has access port you can not use the static mac-address statement with vlan vland_id.

So its a invalid config.

chk this link

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/port_sec.html#wp1053357

HTH

Raj

Re: switch port security

Well this is an interesting thing to test

i have read in some cisco documents that when you enable a voice vlan, it dynamically creates a trunk to pass the 2 vlans

So will this be valid in the above case

Narayan

477
Views
0
Helpful
5
Replies
CreatePlease to create content