Last Updated on August 1, 2021 by Admin 2
In the following partial output of the show run command, which MAC address or addresses will be removed from the list of secure addresses after 240 seconds
- 0000.0000.aaaa
- 0000.0000.bbbb
- 0000.0000.aaaa and 0000.0000.bbbbb
- none of the MAC addresses will be removed after 240 seconds
The only address that will be removed or aged out of the secure MAC address list will be 0000.0000.aaaa. When port security is used on an interface, not only can you set a maximum number of MAC addresses that can use the interface, but you can also set the amount of time that an address can reside in the secure list.
When the switchport port-security command is used, you can specify whether the command applies to statically assigned MAC addresses or dynamically learned MAC addresses, called sticky addresses. In this scenario, line 6 of the output specifies that the command applies to static addresses. Since 0000.0000.aaaa is the only statically assigned MAC address (assigned in line 8 of the output), it is the only address that will age out. The amount of time is configured in terms of minutes and is done on line 5 with the switchport port-security aging time 4 command.
The MAC address 0000.0000.bbbb will not age out because it is a sticky secure address. The aging command only applies to static MAC addresses.
Objective:
Infrastructure Security
Sub-Objective:
Configure and verify switch security features