08-07-2006 11:18 PM - edited 03-03-2019 04:24 AM
We have a 6513 switch. We have created VLANs in this switch. Port security has been enabled for each port in such a way that each port is capable of supporting 3 MAC addresses. If any port gets disabled, I have to manually first clear the port security of that port and then enable it again. Now my question is: can an aging time for port security be defined? Please help me out soon.
IP addresses are allocated to each VLAN through a DHCP server.
08-07-2006 11:40 PM
Check this command:
switchport port-security aging {static | time time | type {absolute | inactivity}}
bye
FCS
Please rate me if I helped.
08-07-2006 11:57 PM
Hi,
Yes, aging can be defined. Use the following command for the same:
switchport port-security aging time 'x'
x being the time in seconds.
You can also configure aging based on the inactivity time period.
switchport port-security aging type inactivity
Refer to the following link for details:
Hope this helps.
Regards,
AbhisheK
Please rate all posts!!!
08-08-2006 12:10 AM
Can this configuration work for CatOS also? We have set-based commands. How do I do it using set-based commands? Help me out soon.
08-08-2006 12:15 AM
This command can help you:
set port security mod/port... [enable | disable] [mac_addr] [age {age_time}]
[maximum {num_of_mac}] [shutdown {shutdown_time}] [unicast-flood
{enable | disable }] [violation {shutdown | restrict }]
Further info:
bye
FCS
Please rate me if I helped
08-08-2006 12:18 AM
Hi,
The following command might help:
'set port security a/b age x'
a/b being the interface number and x the time in minutes.
Use the following link for details about commands for configuring your switch:
Hope this helps.
Regards,
AbhisheK
Please rate all posts!!!
08-08-2006 01:02 AM
For example, if I configure the aging as
set port security 1/4 age 120
then after 120 min the entry for the MAC address is removed. Now how do I activate it again? I mean, if my PC is connected to port 1/4, then after 120 mins I will not be on the LAN. Now how do I get on the LAN again on that port only, in this case port 1/4?
Help me.
08-08-2006 01:09 AM
Hi,
Then you need to give the following command:
clear port security a/b mac-address
or
clear port security a/b all
This command will clear the MAC address from the list of secured addresses on the port. And then it would be learned and secured again.
It is recommended to disable port security before clearing MAC address on a port.
Hope this helps.
Regards,
AbhisheK
Please rate all posts!!!
08-08-2006 01:31 AM
One last question.
Just now I read that the aging command cannot be used with dynamic MAC addresses. If this is the case, then how can I configure aging for ports?
08-08-2006 01:51 AM
Hello,
It depends on the CatOS version and the Supervisor you are running. Check this link:
Setting the Port Security Aging Type
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sw_8_5/confg_gd/sec_port.htm#wp1031791
Regards,
GNT
08-08-2006 02:31 AM
Thanks a lot to everyone for helping me out. Now I have got all the answers to my questions.
08-08-2006 03:30 AM
One issue is coming out.
I have configured port security for a maximum of 3 MAC addresses, and the aging time is 30 mins for port 1/2. Now if I put one PC on port 1/2 and remove it after 2 mins, then put another PC on the same port and remove it again, and do the same for a third PC, and then put a fourth PC on the same port, the port should not accept it, as it is configured for only 3 MAC addresses. How can the port be disabled if I have defined an aging time of 30 mins? I want the fourth PC not to be on the LAN, and the port should not be disabled if an aging time of 30 mins (or any other defined time) is defined.
Please help me out.
08-08-2006 04:12 AM
Hi,
The port must be getting disabled because you would have specified that as the action to be performed when a violation of the port-security occurs. Just remove the violation command and you should be done!
There must be a line in your configuration which would be like this:
set port security A/B violation shutdown
Disable the above mentioned command and your problem should be resolved.
You can also set the violation action as to restrict which will drop all the packets from the insecure addresses but would keep the port enabled.
Hope this helps!
Regards,
Abhishek
Please rate all posts!!!
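The scenario from the last question, replayed against a simplified model of one port with `maximum 3`, `age 30` and each violation action. This is an added illustration, not code from any poster or from Cisco; the class, the PC labels and the absolute-aging rule (an entry is removed a fixed time after it was learned) are assumptions of the model.

```python
# Simplified model of one switch port with port security (illustration only;
# not Cisco code). Times are minutes, as in "set port security 1/2 age 30".
class SecurePort:
    def __init__(self, maximum=3, age=30, violation="shutdown"):
        self.maximum, self.age, self.violation = maximum, age, violation
        self.secure = {}      # MAC -> minute at which it was learned
        self.enabled = True

    def _expire(self, now):
        # Assumed absolute aging: drop entries `age` minutes after learning.
        if self.age:
            self.secure = {m: t for m, t in self.secure.items()
                           if now - t < self.age}

    def frame(self, mac, now):
        """Return what happens to a frame from `mac` arriving at minute `now`."""
        if not self.enabled:
            return "port-disabled"
        self._expire(now)
        if mac in self.secure:
            return "forwarded"
        if len(self.secure) < self.maximum:
            self.secure[mac] = now
            return "learned"
        # Table is full and the source is not a secured address: violation.
        if self.violation == "shutdown":
            self.enabled = False          # stays down until an admin acts
            return "violation-shutdown"
        return "violation-dropped"        # restrict: drop frame, port stays up


def replay(violation):
    """Constructed scenario: four PCs plugged into port 1/2 in turn."""
    port = SecurePort(maximum=3, age=30, violation=violation)
    # (label standing in for a MAC address, minute of first frame) - constructed
    events = [("pc1", 0), ("pc2", 2), ("pc3", 4),
              ("pc4", 6), ("pc1", 7), ("pc4", 31)]
    return [port.frame(mac, now) for mac, now in events], port.enabled


if __name__ == "__main__":
    for mode in ("shutdown", "restrict"):
        print(mode, replay(mode))
```

With `restrict` the fourth PC is dropped at minute 6 but is learned at minute 31, once the first entry has aged out: aging turns the maximum into a limit on addresses secured at the same time, not on the total number of devices that can ever use the port.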