Switchport Security Inactivity aging times

kodywilson7392
Level 1

I'm looking at some macro configs and I noticed we have basically a macro for a PLC and a macro for a PC. Here are the two configs below:

interface GigabitEthernet1/3
description EN2T Slot 2
switchport mode access
switchport port-security violation restrict
switchport port-security aging type inactivity
switchport port-security
ip arp inspection trust
load-interval 30
macro description ab-ethernetip
alarm-profile ab-alarm
spanning-tree portfast
service-policy input CIP-PTP-Traffic
service-policy output PTP-Event-Priority

interface GigabitEthernet2/2
description IBA Server .4
switchport mode access
switchport port-security violation restrict
switchport port-security aging time 2
switchport port-security aging type inactivity
switchport port-security
macro description desktop-automation
alarm-profile ab-alarm
spanning-tree portfast
spanning-tree bpduguard enable
service-policy input CIP-PTP-Traffic
service-policy output Policymap-Output-Default

 

They are both configured for port security but the PC has the aging time for inactivity explicitly stated as 2, while the one for the PLC does not have any aging time set. Does anyone know what the behavior would be for the PLC port? I can't find any information about a default inactivity aging timer when it is configured, but not explicitly stated.
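Added example, not part of the original post: a small audit that finds ports configured the way the PLC macro is, with an aging type but no explicit aging time, so the effective timer can be checked on the switch with `show port-security interface <interface-id>`. The sample config is constructed from the two stanzas above, and the function names are hypothetical.

```python
import re

# Constructed sample: the port-security lines of the two stanzas in the question.
SAMPLE = """\
interface GigabitEthernet1/3
 description EN2T Slot 2
 switchport mode access
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 switchport port-security
!
interface GigabitEthernet2/2
 description IBA Server .4
 switchport mode access
 switchport port-security violation restrict
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 switchport port-security
"""

PS = "switchport port-security"
DEFAULTS = {"enabled": False, "aging_time": None, "aging_type": None, "violation": None}

def audit(config):
    """Return {interface: settings} for every port with port security enabled."""
    ports, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = ports.setdefault(line.split(None, 1)[1], dict(DEFAULTS))
        elif line in ("", "!"):
            current = None  # a blank line or "!" ends the interface stanza
        elif current is None or not line.startswith(PS):
            continue
        elif line == PS:
            current["enabled"] = True
        elif m := re.fullmatch(PS + r" aging time (\d+)", line):
            current["aging_time"] = int(m.group(1))  # minutes, as written in the config
        elif m := re.fullmatch(PS + r" (aging type|violation) (\S+)", line):
            current[m.group(1).replace(" ", "_")] = m.group(2)
    return {name: s for name, s in ports.items() if s["enabled"]}

def implicit_aging(config):
    """Interfaces that set an aging type but leave the aging time implicit."""
    return [n for n, s in audit(config).items() if s["aging_type"] and s["aging_time"] is None]

if __name__ == "__main__":
    for name in implicit_aging(SAMPLE):
        print(f"{name}: aging type without aging time; run 'show port-security interface {name}'")
```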

3 Replies

balaji.bandi
Hall of Fame

Since PLC is always connected, it does not move like dynamic ports; I can go with it in minutes.

switchport port-security maximum 1

Even if you prefer a more secure option, I recommend a sticky MAC, so no other device can work on that port until you replace the PLC with a new device.

Example:

configure terminal
  interface <interface-id>
    switchport mode access
    switchport port-security
    switchport port-security maximum 1
    switchport port-security mac-address sticky
    switchport port-security violation shutdown
  end

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

I understand how to set it up. I was more wondering what the behavior would
actually be with the macros as they exist.

What model is the IE switch?

Cat 9300 never used macros with PLC, but the above configuration works for me.

If you are looking for macros, then look at the document below:

https://www.cisco.com/c/en/us/td/docs/switches/lan/cisco_ie3000/software/release/15-2_2_e/configuration/guide/scg_ie3000/swmacro.pdf

BB
