Aging Secure Mac Addresses - Cisco Catalyst 4500 Series Software Configuration Manual

Cisco IOS XE Release 3.9.xE and Cisco IOS Release 15.2(5)Ex

Chapter 55
Configuring Port Security

Aging Secure MAC Addresses

You might want to age secure MAC addresses when the switch may be receiving more than 3,000 MAC
addresses on ingress.
Note
Aging of sticky addresses is not supported.
By default, port security does not age out the secure MAC addresses. Once learned, the MAC addresses
remain on the port until either the switch reboots or the link goes down (unless the sticky feature is
enabled). However, port security does allow you to configure aging based on the absolute or inactivity
mode and an aging interval (in minutes, from 1 to n).
Use this feature to remove and add PCs on a secure port without manually deleting the existing secure
MAC addresses, while still limiting the number of secure addresses on a port.
Unless static aging is explicitly configured with the switchport port-security aging static command,
static addresses are not aged even if aging is configured on the port.
Note
The aging increment is one minute.
Sticky Addresses on a Port
By enabling sticky port security, you can configure an interface to convert the dynamic MAC addresses
to sticky secure MAC addresses and to add them to the running configuration. You might want to do this
if you do not expect the user to move to another port, and you want to avoid statically configuring a MAC
address on every port.
Note
If you use a different chassis, you might need another MAC address.
To enable sticky port security, enter the switchport port-security mac-address sticky command. When
you enter this command, the interface converts all the dynamic secure MAC addresses, including those
that were dynamically learned before sticky learning was enabled, to sticky secure MAC addresses.
The sticky secure MAC addresses do not automatically become part of the configuration file, which is
the startup configuration used each time the switch restarts. If you save the running config file to the
configuration file, the interface does not need to relearn these addresses when the switch restarts. If you
do not save the configuration, they are lost.
If sticky port security is disabled, the sticky secure MAC addresses are converted to dynamic secure
addresses and are removed from the running configuration.
After the maximum number of secure MAC addresses is configured, they are stored in an address table.
To ensure that an attached device has sole access to the port, configure the MAC address of the attached
device and set the maximum number of addresses to one, which is the default.
For an aging interval of n minutes, a secure address ages out within these windows:
Absolute mode—Ages between n and n+1
Inactivity mode—Ages between n+1 and n+2
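The aging and sticky-address rules above mean an aging timer can be configured on a port and still never remove some addresses. The following audit script is an added example, not part of the Cisco manual: it scans a running-config for ports where aging is set but sticky addresses are in use, or where static addresses are configured without the aging static command. The sample configuration, interface names, MAC addresses and the function name audit are constructed for illustration.

```python
import re

# Constructed sample running-config for illustration (not from the Cisco manual).
SAMPLE_CONFIG = """\
interface GigabitEthernet2/1
 switchport port-security
 switchport port-security aging time 10
 switchport port-security mac-address 0000.1111.2222
!
interface GigabitEthernet2/2
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0000.aaaa.bbbb
 switchport port-security aging time 5
!
interface GigabitEthernet2/3
 switchport port-security
 switchport port-security aging time 5
 switchport port-security aging static
 switchport port-security mac-address 0000.3333.4444
!
"""
PS = "switchport port-security"

def audit(config):
    """Return {interface: [findings]} where configured aging will not apply."""
    blocks, iface = {}, None
    for raw in config.splitlines():
        m = re.match(r"interface (\S+)", raw)
        if m:
            iface = m.group(1)
        elif iface and raw.startswith(" "):
            blocks.setdefault(iface, []).append(raw.strip())
    findings = {}
    for iface, cmds in blocks.items():
        aging = any(re.fullmatch(PS + r" aging time \d+", c) for c in cmds)
        sticky = PS + " mac-address sticky" in cmds
        static = any(re.fullmatch(PS + r" mac-address [0-9a-fA-F.]{14}", c) for c in cmds)
        out = []
        if aging and sticky:  # the manual: aging of sticky addresses is not supported
            out.append("sticky addresses are not aged")
        if aging and static and PS + " aging static" not in cmds:
            out.append("static addresses are not aged without 'aging static'")
        if out:
            findings[iface] = out
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

On the sample, GigabitEthernet2/1 and GigabitEthernet2/2 are reported, while GigabitEthernet2/3 passes because aging static is present.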
Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex
About Port Security
55-5
