22-12
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
78-11380-10
Chapter 22 Configuring Port-Based Traffic Control
Configuring Port Security
Enabling and Configuring Port Security Aging
You can use port security aging to set the aging time for static and dynamic secure addresses on a port.
Two types of aging are supported per port:
• Absolute—The secure addresses on the port are deleted after the specified aging time.
• Inactivity—The secure addresses on the port are deleted only if the secure addresses are inactive for
the specified aging time.
Use this feature to remove and add PCs on a secure port without manually deleting the existing secure
MAC addresses and to still limit the number of secure addresses on a port. You can enable or disable the
aging of statically configured secure addresses on a per-port basis.
Beginning in privileged EXEC mode, follow these steps to configure port security aging:
To disable port security aging for all secure addresses on a port, use the no switchport port-security
aging time interface configuration command. To disable aging for only statically configured secure
addresses, use the no switchport port-security aging static interface configuration command.
This example shows how to set the aging time as 2 hours for the secure addresses on a port:
Switch(config)# interface fastethernet0/1
Switch(config-if)# switchport port-security aging time 120
Command Purpose
Step 1
configure terminal Enter global configuration mode.
Step 2
interface interface-id Specify the port on which you want to enable port security aging, and enter
interface configuration mode.
Note The switch does not support port security aging of sticky secure
addresses.
Step 3
switchport port-security aging
{static | time time | type {absolute |
inactivity}}
Enable or disable static aging for the secure port, or set the aging time or
type.
Enter static to enable aging for statically configured secure addresses on this
port.
For time, specify the aging time for this port. The valid range is from 0 to
1440 minutes. If the time is equal to 0, aging is disabled for this port.
For type, select one of these keywords:
• absolute—Sets the aging type as absolute aging. All the secure
addresses on this port age out after the specified time (minutes) lapses
and are removed from the secure address list.
Note The absolute aging time could vary by 1 minute, depending on the
sequence of the system timer.
• inactivity—Sets the aging type as inactivity aging. The secure addresses
on this port age out only if there is no data traffic from the secure source
addresses for the specified time period.
Step 4
end Return to privileged EXEC mode.
Step 5
show port-security [interface
interface-id] [address]
Verify your entries.
Step 6
copy running-config startup-config (Optional) Save your entries in the configuration file.
To Next Page
Loading...
Need help?
General