To set the maximum number of MAC addresses allowed on a port when port security is configured, use the port security max-mac-count command on 2900 and 3500 XL switches and the switchport port-security maximum command on the 2940, 2950 and 2955, 2970, 3550 or 3750 series of switches.
When one of these commands is issued, MAC address entries are not released when a device becomes inactive, because no aging timer is set.
When the port security max-mac-count <1-132> or switchport port-security maximum <1-128> command is configured on a port, the port learns the MAC addresses of the devices connected to the port. You can also manually enter the addresses, up to the specified number of allowed MAC addresses.
When the port security max-mac-count command is configured on a 2900 or 3500 XL switch, the addresses that are learned do not age and are not lost when the switch resets. When the switchport port-security maximum command is configured on the 2940, 2950 and 2955, 2970, 3550 or 3750 series of switches, the addresses that are learned do not age out until the switch is reset. If another device is connected to the port after the maximum number has been reached, the port will not permit the new MAC address, even if one or more of the original MAC addresses are inactive.
To avoid having to manually delete the existing secure MAC address, the port security aging time <time> interface configuration mode command on the 2900 and 3500 XL switch and the switchport port-security aging time <time> command on the 2940, 2950 and 2955, 2970, 3550 or 3750 series of switches may be issued. The time value has a valid range of 1 to 1,440 minutes. The default time is 0 minutes. A value of 0 disables the aging time. The port security aging time command for the 2900 and 3500 XL switches is present in Cisco IOS Software version 12.0(5) WC5, but not in any of the previous versions in the WC train. It is not present in the XU or XP code. If you want to use this command, you must upgrade to Cisco IOS Software 12.0(5) WC5.
You can issue the port security aging or switchport port-security aging time command to set the aging time for all dynamic and static secure addresses on a port. When port security aging is enabled on a port, the secure addresses on the port are deleted only if they are inactive for the specified aging time.
Note: This feature is not available on the Catalyst 2900 Long-Reach Ethernet (LRE) XL switches.
This example shows how to set the port security aging time to two hours on the port of an XL switch:
Switch(config)#interface fa0/1
Switch(config-if)#port security aging time 120
This example shows how to set the port security aging time to two hours on the port of 2940, 2950 and 2955, 2970, 3550 or 3750 series of switches:
Switch(config)#interface GigabitEthernet0/5
Switch(config-if)#switchport port-security aging time 120
To disable port security aging for all secure addresses on a port, issue the no port security aging time or no switchport port-security aging time interface configuration command based on the switch that you are using.
To verify the entry, issue the show port security [interface-id] or show port-security address command as appropriate.
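As an added example (not from the original document or from Cisco), this Python script audits a saved running-config for ports that have a secure MAC limit but an aging time that is unset or 0, which is the condition described above where inactive addresses keep their slots and new devices are refused. It assumes the configuration lines appear as the commands are typed and only considers ports where the maximum is written out explicitly; the sample configuration and the function name are constructed for illustration.

```python
import re

# Constructed sample running-config (not from the original page).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 port security max-mac-count 1
 port security aging time 120
!
interface GigabitEthernet0/5
 switchport port-security
 switchport port-security maximum 2
!
interface GigabitEthernet0/6
 switchport port-security maximum 1
 switchport port-security aging time 0
!
interface GigabitEthernet0/7
 switchport mode access
!
"""

# Both command families named on the page: XL syntax and 2940/2950/.../3750 syntax.
MAX_RE = re.compile(r"^(?:switchport port-security maximum|port security max-mac-count) (\d+)$")
AGING_RE = re.compile(r"^(?:switchport port-security|port security) aging time (\d+)$")


def audit_port_security_aging(config_text):
    """Return {interface: max_macs} for ports with a MAC limit but aging disabled."""
    ports, current = {}, None
    for raw in config_text.splitlines():
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            ports[current] = {"max": None, "aging": 0}  # default aging time is 0 (disabled)
        elif not raw.startswith(" "):
            current = None  # "!" or a global command ends the interface stanza
        elif current is not None:
            line = raw.strip()
            if m := MAX_RE.match(line):
                ports[current]["max"] = int(m.group(1))
            elif m := AGING_RE.match(line):
                ports[current]["aging"] = int(m.group(1))
    # A MAC limit with aging disabled means inactive addresses keep their slots.
    return {name: p["max"] for name, p in ports.items()
            if p["max"] is not None and p["aging"] == 0}


if __name__ == "__main__":
    for port, limit in audit_port_security_aging(SAMPLE_CONFIG).items():
        print(f"{port}: max {limit} secure MACs, aging disabled")
```

Ports it reports are candidates for the aging time commands shown in the examples above.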