08-09-2011 09:05 PM - edited 03-07-2019 01:37 AM
Hi,
I would like to understand the difference between the two types of aging mechanism: Absolute & Inactivity. In which situation should we used absolute instead of inactivity. What is the default settings is we do not specified absolute or inactivity?
In switchport port-security aging time, do we have to specified a time in minutes or there is a default value associated with this command.
Thanks for your help
Stephane
Solved! Go to Solution.
08-11-2011 01:02 AM
Hi,
Yes, absolute means at the end of the timer clear the mac from CAM table and inactivity means if there hasn't been any traffic sourced from this mac on this port since the timer value then clear the mac from CAM table.
Steph1963 a écrit:
I think that the switchport port-security aging static applies to the configurd static mac-address. From what I read, the static MAC address configured will dissappear fron the running-config if the the aging timers is reach but I do not know how long is this aging timers.
Yes it applies to static secure addresses but the aging is for the CAM table not the running-config.
I don't know the default value when enabled but show port-security and/or sw mac address-table static xxxx.xxxx.xxxx will give you the answer.
Regards.
Alain.
08-09-2011 11:17 PM
Hi,
By default the aging time for secure mac addresses is disabled, it is set to 0 and absolute for dynamic ones ( 0 meaning never age out) and disabled for static ones.
The aging time is in minutes.
Regards.
Alain.
08-10-2011 10:36 AM
Hi,
If I have understand you correctly, aging time is disable by default and if we configure aging time, the default will be absolute.
The following configuration comes from the SWITCH manual and I am still not sure about how long is configure the aging time.
interfacefa2/2
switchport mode access
switchport port-security
switchport port-security mac-address 0000.0000.1118
switchport port-security maximum 1
switchport port-security aging static
swithchport port-security violations shutdown
I think that the switchport port-security aging static applies to the configurd static mac-address. From what I read, the static MAC address configured will dissappear fron the running-config if the the aging timers is reach but I do not know how long is this aging timers.
Thanks for your help
Stephane
01-22-2016 06:09 AM
.
08-10-2011 12:03 AM
Hi,
Please find the difference between the two:
Absolute—The secure addresses on that port are deleted after the specified aging time.
Inactivity—The secure addresess on this port are deleted only if the secure addresses are inactive for the specified aging time.
Please find the link which explains more:
The aging time is specified in minutes.
By default the aging time never ages out, and disabled for static ones.
Cheers
Sweta
Please rate the answer and mark it answered if it was helpful.
08-10-2011 10:38 AM
Hi,
Does that means that the absolute will aged out the learned address whether there is activity or not?
Thanks for your help
Stephane
08-11-2011 01:02 AM
Hi,
Yes, absolute means at the end of the timer clear the mac from CAM table and inactivity means if there hasn't been any traffic sourced from this mac on this port since the timer value then clear the mac from CAM table.
Steph1963 a écrit:
I think that the switchport port-security aging static applies to the configurd static mac-address. From what I read, the static MAC address configured will dissappear fron the running-config if the the aging timers is reach but I do not know how long is this aging timers.
Yes it applies to static secure addresses but the aging is for the CAM table not the running-config.
I don't know the default value when enabled but show port-security and/or sw mac address-table static xxxx.xxxx.xxxx will give you the answer.
Regards.
Alain.
08-15-2011 07:46 AM
Hi Alain,
I think that I probably misinterpret the following paraghaph from the following link;
http://www.ciscopress.com/articles/article.asp?p=99029&seqNum=3
You can define an optional security-aging feature to cause all secure addresses to become obsolete without having to manually remove each of them.
I thought that removing each of them meant that the switchport port-security mac-address mac-address command was removed from the running-configuiration.
If I have followed you correctly, the aging only aged out the static entry in the CAN table not the one that are configured in the running-config
Thanks for all your help
Stephane
02-01-2012 10:17 AM
As I read, the static MAC address configured will dissappear from the running-config if the the aging timers is reach.What is the exact mean of dissappear here. Is it mean after time expire, a different mac-address can enter in network or something else? Please explain.......
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide