Port-Security aging time does not allow 0 as a valid entry in Catalyst switches running Cisco IOS so...

TCC_2 · ‎06-22-2009

Core issue

When you configure the port-security aging time with the switchport port-security aging time command, the valid range is from zero to 1440 minutes and when the time is equal to 0, aging is disabled for this port.

But in the switch CLI, this is the output for the command:

switch(config-if)#switchport port-security aging time ?
<_1-1440> Aging time in minutes. Enter a value between 1 and 1440

This is an example of the previous output:

After you configure port security on the port:

Switch(config-if)#show port-security int fa4/1
Port Security : Enabled
Port Status : Secure-up
Violation Mode : Shutdown
Aging Time : 0 mins
Maximum MAC Addresses : 1
Total MAC Addresses : 0
Configured MAC Addresses : 0
Last Source Address : 0000.0000.0000
Security Violation Count : 0

The aging time changes only when you configure aging time as mentioned here:

Switch(config-if)#switchport port-security aging time 10
Switch(config-if)#show port-security int fa4/1
Port Security : Enabled
Port Status : Secure-up
Violation Mode : Shutdown
Aging Time : 10 mins
Maximum MAC Addresses : 1
Total MAC Addresses : 0
Configured MAC Addresses : 0
Last Source Address : 0000.0000.0000
Security Violation Count : 0

Resolution

In order to set the aging time to 0 minutes, the default, the only workaround is to set agining time with the no switchport port-security aging time command.

Port-Security aging time does not allow 0 as a valid entry in Catalyst switches running Cisco IOS software.

Core issue

Resolution