Frequent Contributor

switchport port-security aging static command

Hi,

Can someone please explain the above command with an example?

Many thanks

mahesh

1 ACCEPTED SOLUTION

Hall of Fame Guru

Re: switchport port-security aging static command

mahesh18 wrote:

Hi Reza,

Thanks for the reply. I read the following note on the Cisco website but I did not understand what it means.

You can use port security aging to set the aging time for all secure addresses on a port.

Use this feature to remove and add PCs on a secure port without manually deleting the existing secure MAC addresses while still limiting the number of secure addresses on a port.

Please explain this to me if you can.

mahesh

Mahesh

If you have a port security setting of 5 secure addresses allowed then when the switch has learnt these 5 addresses no more addresses will be allowed. If there is no aging time for the entries then the entry simply remains there as long as the switch is up. If you now want to remove one of the PCs and replace it with another you have a problem because the port has already learned 5 addresses so it will not allow another.

This is where you use the aging timer. If for example you set the port-security aging timer to 1 then you would only have to wait one minute before the mac-address for the PC you disconnected is removed and now the switch only has 4 addresses learnt on that port. So you can now add your new PC and it will be allowed on that port and becomes the 5th address learned.

Jon

5 REPLIES
VIP Expert

Re: switchport port-security aging static command

Frequent Contributor

Re: switchport port-security aging static command

Hi Reza,

Thanks for the reply. I read the following note on the Cisco website but I did not understand what it means.

You can use port security aging to set the aging time for all secure addresses on a port.

Use this feature to remove and add PCs on a secure port without manually deleting the existing secure MAC addresses while still limiting the number of secure addresses on a port.

Please explain this to me if you can.

mahesh

Frequent Contributor

Re: switchport port-security aging static command

Hi Jon,

Many thanks for the wonderful explanation.

Best regards

mahesh

Beginner

Re: switchport port-security aging static command

The "switchport port-security aging static" command enables aging of statically configured secure MAC addresses, i.e., the addresses that you configured using the "switchport port-security mac-address xxxx.xxxx.xxxx" command.

Issuing "switchport port-security aging static" and "switchport port-security aging time x" removes the statically configured address from the address table and the running configuration.

When you check with the "show run interface x" command, you will see that "switchport port-security mac-address xxxx.xxxx.xxxx" has automatically disappeared from the running configuration after the aging time that you configured.

Checking with MACOF from Kali Linux and a switch cleared up my confusion about this.
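The setup discussed in this thread as a Cisco IOS configuration sketch, added here as an example and not taken from any of the posts. The interface name and MAC address are constructed, and the aging type line is an assumption that goes beyond what the thread covers.

```cisco
! Added example. Interface name and MAC address are constructed values.
interface GigabitEthernet0/1
 switchport mode access
 switchport port-security
 ! Allow at most 5 secure addresses on this port.
 switchport port-security maximum 5
 ! One statically configured secure address (constructed MAC).
 switchport port-security mac-address 0011.2233.4455
 ! Age secure addresses out after 1 minute.
 switchport port-security aging time 1
 ! Assumption beyond the thread: the default aging type is absolute, so every
 ! entry is dropped 1 minute after it was added, even for a PC that is still
 ! connected. Inactivity aging drops only entries that have gone quiet.
 switchport port-security aging type inactivity
 ! Without this line only dynamically learned addresses age out. With it the
 ! static entry above also ages out and leaves the running configuration,
 ! after which the freed slot can be taken by whichever MAC is learned next.
 switchport port-security aging static
end
!
! Checks from privileged EXEC mode:
show port-security interface GigabitEthernet0/1
show port-security address
show running-config interface GigabitEthernet0/1
```

If a port is meant to stay pinned to one specific device, leave `aging static` off so the configured address survives the aging timer.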
