Port-security sticky and aging

sbrobak
Level 1

Should it be possible to age out sticky MAC addresses? Running 2950/3550.

switchport port-security mac-address sticky

switchport port-security aging time x

2 Replies

skarundi
Level 4

No, it is not possible to age out sticky entries.

The entry is added to the config, so the only way to get it out is to remove the port-security MAC address entry from the config.

Should we file a bug request / feature request for this with Cisco?

It would be helpful to have Sticky MAC Address with Aging:

- Sticky still applies for persistent MACs in the config through reboots

- If a port is down or inactive for a certain period of time, the MAC is aged out of the config (prevents MITM)

-- Remote ops center operators have a certain threshold to investigate secure port violations

-- Allows operators w/o admin access to replace a secure device if they can force it down / offline beyond the threshold

- A MITM attacker reboots a switch with power cycle, the attack fails
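Since sticky entries only leave when someone removes them from the config, the practical follow-up is an audit of the running-config. Below is an added example (my own script, not something from the thread or from Cisco) that parses an IOS running-config excerpt, lists the sticky entries learned on each port, flags ports where an aging timer sits alongside sticky addresses (per the reply above the timer will not clear those entries, so the port will keep stale MACs), and emits the negated command needed to remove a retired device's entry. The config text is constructed for the example; the `no switchport port-security mac-address sticky <mac>` form is the standard IOS negation of the command in the original question.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed running-config excerpt (not captured from a real switch).
# Fa0/1 has both an aging timer and two sticky entries: the timer will not
# remove the sticky addresses, so this port is what the audit should flag.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 5
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0011.2233.4455
 switchport port-security mac-address sticky 0011.2233.4466
!
interface FastEthernet0/2
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 00aa.bbcc.ddee
!
interface FastEthernet0/3
 switchport mode access
 switchport port-security
 switchport port-security aging time 10
!
"""

# IOS dotted-hex MAC format, e.g. 0011.2233.4455
MAC_RE = re.compile(r"^[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}$", re.IGNORECASE)


@dataclass
class PortSecurity:
    interface: str
    sticky_enabled: bool = False          # "mac-address sticky" with no address
    sticky_macs: List[str] = field(default_factory=list)
    aging_time: Optional[int] = None      # minutes, from "aging time N"


def parse_port_security(config: str) -> Dict[str, PortSecurity]:
    """Walk the config line by line; indented lines belong to the current
    interface block, '!' or any unindented line closes it."""
    ports: Dict[str, PortSecurity] = {}
    current: Optional[PortSecurity] = None
    for raw in config.splitlines():
        line = raw.rstrip()
        if line.startswith("interface "):
            current = PortSecurity(interface=line.split(None, 1)[1])
            ports[current.interface] = current
            continue
        if not line.startswith(" "):
            current = None
            continue
        if current is None:
            continue
        tokens = line.split()
        if tokens[:2] != ["switchport", "port-security"]:
            continue
        rest = tokens[2:]
        if rest[:2] == ["mac-address", "sticky"]:
            if len(rest) == 2:
                current.sticky_enabled = True
            elif MAC_RE.match(rest[2]):
                # trailing "vlan ..." keywords, if present, are ignored
                current.sticky_macs.append(rest[2].lower())
        elif rest[:2] == ["aging", "time"] and len(rest) == 3:
            current.aging_time = int(rest[2])
    return ports


def aging_without_effect(ports: Dict[str, PortSecurity]) -> List[str]:
    """Ports that carry an aging timer together with sticky entries. The timer
    does not remove sticky addresses, so these entries stay until an operator
    deletes them from the config."""
    return [p.interface for p in ports.values()
            if p.aging_time is not None and p.sticky_macs]


def removal_commands(ports: Dict[str, PortSecurity], mac: str) -> List[str]:
    """CLI lines that remove one sticky MAC from every port holding it."""
    mac = mac.lower()
    cmds: List[str] = []
    for p in ports.values():
        if mac in p.sticky_macs:
            cmds.append(f"interface {p.interface}")
            cmds.append(f" no switchport port-security mac-address sticky {mac}")
    return cmds


if __name__ == "__main__":
    parsed = parse_port_security(SAMPLE_CONFIG)
    for name, p in parsed.items():
        print(f"{name}: aging={p.aging_time} sticky={p.sticky_macs}")
    print("aging configured but sticky entries will persist:",
          aging_without_effect(parsed))
    print("\n".join(removal_commands(parsed, "0011.2233.4466")))
```

Feed it the output of `show running-config` and the flagged list tells you which ports rely on a timer that is not doing what the operator probably expected; the generated lines are what has to be pasted in (followed by a save) when a device on a sticky port is replaced.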