To set the maximum number of MAC addresses allowed on a port when port security is configured, use the port security max-mac-count command on 2900 and 3500 XL switches and the switchport port-security maximum command on the 2940, 2950 and 2955, 2970, 3550 or 3750 series of switches.
When one of these commands is issued, MAC address entries are not released when a device becomes inactive, because no aging timer is set.
When the port security max-mac-count <1-132> or switchport port-security maximum <1-128> command is configured on a port, the port learns the MAC addresses of the devices connected to the port. You can also manually enter the addresses, up to the specified number of allowed MAC addresses.
When the port security max-mac-count is configured on a 2900 and 3500 XL switch, the addresses that are learned do not age and are not lost when the switch resets. If the switchport port-security maximum command is configured on the 2940, 2950 and 2955, 2970, 3550 or 3750 series of switches, then the addresses do not age out until the switch is reset. If another device is connected to the port after the maximum number has been reached, the port will not permit the new MAC address, even if one or more of the original MAC addresses are inactive.
If the switchport port-security maximum command is configured on the 2940, 2950 and 2955, 2970, 3550 or 3750 series of switches, then the addresses that are learned age out once the switch is reset.
To avoid having to manually delete the existing secure MAC address, the port security aging time <time> interface configuration mode command on the 2900 and 3500 XL switch and the switchport port-security aging time <time> command on the 2940, 2950 and 2955, 2970, 3550 or 3750 series of switches may be issued. The time value has a valid range of 1 to 1,440 minutes. The default time is 0 minutes. A value of 0 disables the aging time. The port security aging time command for the 2900 and 3500 XL switches is present in Cisco IOS Software version 12.0(5) WC5, but not in any of the previous versions in the WC train. It is not present in the XU or XP code. If you want to use this command, you must upgrade to Cisco IOS Software 12.0(5) WC5.
You can issue the port security aging or switchport port-security aging time command to set the aging time for all dynamic and static secure addresses on a port. When port security aging is enabled on a port, the secure addresses on the port are deleted only if they are inactive for the specified aging time.
Note: This feature is not available on the Catalyst 2900 Long-Reach Ethernet (LRE) XL switches.
This example shows how to set the port security aging time to two hours on the port of an XL switch:
Switch(config)#interface fa0/1
Switch(config-if)#port security aging time 120
This example shows how to set the port security aging time to two hours on the port of 2940, 2950 and 2955, 2970, 3550 or 3750 series of switches:
Switch(config)#interface GigabitEthernet0/5
Switch(config-if)#switchport port-security aging time 120
To disable port security aging for all secure addresses on a port, issue the no port security aging time or no switchport port-security aging time interface configuration command based on the switch that you are using.
To verify the entry, issue the show port security [interface-id] or show port-security address command as appropriate.