To set the maximum number of MAC addresses allowed on a port when port security is configured, use the port security max-mac-count command on 2900 and 3500 XL switches, or the switchport port-security maximum command on the 2940, 2950 and 2955, 2970, 3550 or 3750 series of switches.
When one of these commands is issued, MAC address entries are not released when a device becomes inactive, because no aging timer is set.
When the port security max-mac-count <1-132> or switchport port-security maximum <1-128> command is configured on a port, the port learns the MAC addresses of the devices connected to the port. You can also manually enter the addresses, up to the specified number of allowed MAC addresses.
When the port security max-mac-count is configured on a 2900 and 3500 XL switch, the addresses that are learned do not age and are not lost when the switch resets. If the switchport port-security maximum command is configured on the 2940, 2950 and 2955, 2970, 3550 or 3750 series of switches, then the addresses do not age out until the switch is reset. If another device is connected to the port after the maximum number has been reached, the port will not permit the new MAC address, even if one or more of the original MAC addresses are inactive.
If the switchport port-security maximum command is configured on the 2940, 2950 and 2955, 2970, 3550 or 3750 series of switches, then the addresses that are learned age out once the switch is reset.
To avoid having to manually delete the existing secure MAC addresses, issue the port security aging time <time> interface configuration command on the 2900 and 3500 XL switches, or the switchport port-security aging time <time> command on the 2940, 2950 and 2955, 2970, 3550 or 3750 series of switches. The time value has a valid range of 1 to 1,440 minutes. The default time is 0 minutes. A value of 0 disables the aging time. The port security aging time command for the 2900 and 3500 XL switches is present in Cisco IOS Software version 12.0(5) WC5, but not in any of the previous versions in the WC train. It is not present in the XU or XP code. If you want to use this command, you must upgrade to Cisco IOS Software 12.0(5) WC5.
You can issue the port security aging or switchport port-security aging time command to set the aging time for all dynamic and static secure addresses on a port. When port security aging is enabled on a port, the secure addresses on the port are deleted only if they are inactive for the specified aging time.
Note: This feature is not available on the Catalyst 2900 Long-Reach Ethernet (LRE) XL switches.
This example shows how to set the port security aging time to two hours on the port of an XL switch:
Switch(config)#interface fa0/1
Switch(config-if)#port security aging time 120
This example shows how to set the port security aging time to two hours on the port of 2940, 2950 and 2955, 2970, 3550 or 3750 series of switches:
Switch(config)#interface GigabitEthernet0/5
Switch(config-if)#switchport port-security aging time 120
To disable port security aging for all secure addresses on a port, issue the no port security aging time or no switchport port-security aging time interface configuration command based on the switch that you are using.
To verify the entry, issue the show port security [interface-id] or show port-security address command as appropriate.
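The following is an added example, not part of the original document or of any Cisco tooling: a small offline audit that reads saved configuration text and flags ports that have a secure MAC limit but no usable aging time, the condition under which inactive addresses are never released. The function name audit_aging and the sample configuration are assumptions constructed for illustration; only the command forms named above are recognized.

```python
import re

# Command forms named on this page: XL syntax ("port security ...") and the
# 2940/2950/2955/2970/3550/3750 syntax ("switchport port-security ...").
MAX_RE = re.compile(r"(?:port security max-mac-count|switchport port-security maximum) (\d+)$")
AGE_RE = re.compile(r"(?:port security|switchport port-security) aging time (\d+)$")

def audit_aging(config_text):
    """Map interface -> finding for ports that limit MACs without usable aging."""
    ports, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            ports[current] = {"max": None, "aging": 0}  # default aging time is 0 (disabled)
        elif not raw.startswith(" "):
            current = None  # "!" or a global command ends the interface stanza
        elif current:
            if m := MAX_RE.match(line):
                ports[current]["max"] = int(m.group(1))
            elif m := AGE_RE.match(line):
                ports[current]["aging"] = int(m.group(1))
    findings = {}
    for name, p in ports.items():
        if p["max"] is None:
            continue  # no MAC limit configured on this port
        if p["aging"] == 0:
            findings[name] = "aging disabled: inactive secure MACs keep their slots"
        elif not 1 <= p["aging"] <= 1440:
            findings[name] = f"aging time {p['aging']} outside 1-1440 minutes"
    return findings

# Constructed sample configuration text (hypothetical, not from a real device).
SAMPLE = """\
interface FastEthernet0/1
 port security max-mac-count 3
!
interface FastEthernet0/2
 port security max-mac-count 3
 port security aging time 120
!
interface GigabitEthernet0/5
 switchport port-security maximum 2
 switchport port-security aging time 0
!
interface GigabitEthernet0/7
 switchport port-security maximum 2
 switchport port-security aging time 2000
"""

if __name__ == "__main__":
    for port, finding in audit_aging(SAMPLE).items():
        print(f"{port}: {finding}")
```

The out-of-range check is useful for configuration templates reviewed before deployment, since the valid range is 1 to 1,440 minutes.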