Solved: CAM aging time VS Port-security aging time

shinakuma123 · ‎03-30-2015

Hi All

Please advise on the following:

- Without port-security configured, MACs per interface are learnt as "Dynamic" entries and the global CAM aging timer applies (300 seconds) unless tweaked manually.

- With switchport port-security enabled (without port-security mac-address sticky, which holds onto MACs infinitely) I see MACs being learnt as "Secure-Dynamic" in a show port-security interface gix/x output and as "Static" in the output of show mac address-table interface gix.x .

What I want to know is if JUST port-security is applied (without mac-address sticky) do the default CAM aging timer of 300 seconds get applied to these MACs too? as I see their is also a option to configure port-security mac-address aging time / type, does this overrule / take precedence over the default CAM aging timer?

Please assist, its not documented anywhere and its driving me a bit nuts!

Thanks folks

Jon Marshall · ‎03-31-2015

What I want to know is if JUST port-security is applied (without mac-address sticky) do the default CAM aging timer of 300 seconds get applied to these MACs too?

Any aging time you configure with port security will take precedence over the default aging time.

See this thread for details -

https://supportforums.cisco.com/discussion/11054341/switchport-port-security-commands-help

Jon

View solution in original post

Jon Marshall · ‎03-31-2015

What I want to know is if JUST port-security is applied (without mac-address sticky) do the default CAM aging timer of 300 seconds get applied to these MACs too?

Any aging time you configure with port security will take precedence over the default aging time.

See this thread for details -

https://supportforums.cisco.com/discussion/11054341/switchport-port-security-commands-help

Jon