RE: switchport port-security aging time

From: Scott Morris (swm@emanon.com)
Date: Tue Jan 02 2007 - 22:56:37 ART


Aging time applies specifically to dynamically learned ones. That way, say
in a campus environment, you have one student leave and you don't have to
wait three weeks before another one is allowed on. All of this is a balance
of security and convenience (e.g. fewer support calls!).

I haven't tested to see whether it applies to statically defined ones as
well, but my guess would be no. Just like arp timers.

HTH,

 
Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713, JNCIE
#153, CISSP, et al.
CCSI/JNCI-M/JNCI-J
IPexpert VP - Curriculum Development
IPexpert Sr. Technical Instructor
smorris@ipexpert.com
http://www.ipexpert.com
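As an added illustration (not from the thread and not Cisco code), here is a toy Python model of a port's secure-address table that runs JB's configuration (maximum 2, aging time 1) through one constructed frame timeline under both aging types described above; the rule that static entries are never aged is taken from the guess in this reply and is marked as an assumption in the code.

```python
from dataclasses import dataclass
@dataclass
class SecureMac:
    kind: str        # "static" or "dynamic"
    learned_at: int  # seconds: when the address was learned or configured
    last_seen: int   # seconds: when a frame from it last arrived

class PortSecurity:
    """Toy model of one port's secure-address table (constructed for this thread,
    not Cisco code). aging_time is minutes as on the CLI (0 = off); aging_type is
    "absolute" (timer starts at learn time) or "inactivity" (restarts per frame)."""
    def __init__(self, maximum=1, aging_time=0, aging_type="absolute"):
        self.maximum, self.aging_time, self.aging_type = maximum, aging_time, aging_type
        self.table = {}

    def add_static(self, mac, now):
        # Assumption taken from the thread: statically configured entries are not aged.
        self.table[mac] = SecureMac("static", now, now)

    def age_out(self, now):
        """Drop dynamic entries whose timer has expired and return their MACs."""
        if self.aging_time == 0:
            return []
        expired = []
        for mac, e in list(self.table.items()):
            if e.kind != "dynamic":
                continue
            start = e.learned_at if self.aging_type == "absolute" else e.last_seen
            if now - start >= self.aging_time * 60:
                expired.append(mac)
                del self.table[mac]
        return expired

    def receive(self, mac, now):
        """A frame from source MAC arrives at time now (seconds); return the verdict."""
        self.age_out(now)
        if mac in self.table:
            self.table[mac].last_seen = now
            return "forwarded"
        if len(self.table) >= self.maximum:
            return "violation"  # table full; the port reacts per its violation mode
        self.table[mac] = SecureMac("dynamic", now, now)
        return "learned"

def run(aging_type, frames):
    """JB's port (maximum 2, aging time 1) fed a constructed list of (t, mac) frames."""
    port = PortSecurity(maximum=2, aging_time=1, aging_type=aging_type)
    return [port.receive(mac, t) for t, mac in frames]

FRAMES = [(0, "A"), (20, "B"), (30, "A"), (45, "C"), (70, "C")]
```

With absolute aging, host C is admitted at t=70 because A's timer ran from t=0; with inactivity aging, A's frame at t=30 restarted its timer, so the same frame from C is still a violation.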
 
 

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Chee Chew Leong
Sent: Tuesday, January 02, 2007 8:10 PM
To: Scott Morris
Cc: ccielab@groupstudy.com; 'JB'; nobody@groupstudy.com; 'Ronnie Angello'
Subject: RE: switchport port-security aging time

Just to add on, the timeout is only applicable to the statically configured max
address. It is not applicable to sticky learned ones.

Am I right?

"Scott Morris" <swm@emanon.com>
Sent by: nobody@groupstudy.com
12/30/2006 10:56 PM
Please respond to
"Scott Morris" <swm@emanon.com>

To
"'JB'" <jellyboy@gmail.com>, "'Ronnie Angello'" <ronnie.angello@gmail.com>
cc
<ccielab@groupstudy.com>
Subject
RE: switchport port-security aging time

Well... The absolute time would be based on when the address is learned.
The inactivity time would be based on when traffic was last received from
that learned address.

HTH,

 
Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713, JNCIE
#153, CISSP, et al.
CCSI/JNCI-M/JNCI-J
IPExpert VP - Curriculum Development
IPExpert Sr. Technical Instructor
smorris@ipexpert.com
http://www.ipexpert.com
 
 

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of JB
Sent: Saturday, December 30, 2006 4:15 AM
To: Ronnie Angello
Cc: ccielab@groupstudy.com
Subject: Re: switchport port-security aging time

Hi, thanks for the reply. Would any event start this aging process, or does it
start as soon as the MAC address is learned? I see there are 2 options: absolute
<default> and inactivity.

JB

On 12/29/06, Ronnie Angello <ronnie.angello@gmail.com> wrote:
> It would set the aging time for all secure addresses on the port.
>
>
> On 12/29/06, JB <jellyboy@gmail.com> wrote:
> >
> > Hi All, I'm a bit stuck on this one: what does the switchport
> > port-security aging time command do exactly? I am thinking along
> > the lines of it being used:
> >
> >
> > interface FastEthernet0/7
> > switchport access vlan 5
> > switchport mode access
> > switchport port-security
> > switchport port-security maximum 2
> > switchport port-security aging time 1
> >
> > This would allow 2 MACs to be allowed on port 7. If one MAC was
> > deleted, then another could be learned after an absolute time of
> > 1 minute. Am I correct, or have I got the functionality way off the mark?
> >
> > TIA,
> >
> > JB
> >
> >
> _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html



This archive was generated by hypermail 2.1.4 : Thu Feb 08 2007 - 23:46:55 ART