Re: why do we need to put secure addresses in port security
By default they don't age out, however you can enable aging based on an absolute value or inactivity.
The reason why one might configure 10 MAC addresses as a maximum is to protect the switch CAM table from being flooded with more than the maximum number of supported MAC addresses. If that situation were to happen, the switch would not be able to learn more addresses and would start sending traffic to all ports in the same VLAN as a best effort for every new destination MAC address which cannot be learnt. Usually this is used by attackers to capture traffic in the same VLAN not destined to them.
To read more about this, refer to the Content Addressable Memory (CAM) Table Overflow section:
Configuring 2 MAC addresses statically ensures that those addresses can be used to communicate even if we learn more addresses on that port (that is 2 + 8 as a maximum based on your example). We also allow 8 other MAC addresses to be learnt on that port at the same time.
For more details about Port Security, refer to the "Configuring Port Security on 3750 switches" guide on the following link:
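
The setup described in the reply above, written out as an added example (not part of the original post): a maximum of 10 secure addresses, 2 of them static, with inactivity aging for the learnt ones. The interface name, MAC addresses and the 10-minute aging time are constructed placeholders.

```cisco
! Added example: interface, MAC addresses and aging time are assumed values.
interface GigabitEthernet1/0/1
 ! Port security is only accepted on a static access or trunk port.
 switchport mode access
 switchport port-security
 ! Cap the port at 10 secure addresses in total (2 static + up to 8 learnt).
 switchport port-security maximum 10
 ! The two statically secured addresses.
 switchport port-security mac-address 0000.1111.aaaa
 switchport port-security mac-address 0000.1111.bbbb
 ! Secure addresses do not age out by default; age the learnt ones out
 ! after 10 minutes without traffic from that source address.
 switchport port-security aging time 10
 switchport port-security aging type inactivity
!
! Checks from privileged EXEC mode:
!   show port-security interface GigabitEthernet1/0/1
!   show port-security address
```

Static entries are not aged unless `switchport port-security aging static` is also configured, so the two configured addresses stay in place while the learnt ones time out.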