ASW2(config-if)#do sh ver | i (Model number| WS-C2960) cisco WS-C2960-8TC-L (PowerPC405) processor (revision A0) with 65536K bytes of memory. Model number : WS-C2960-8TC-L * 1 9 WS-C2960-8TC-L 15.0(2)SE8 C2960-LANBASEK9-M ASW2(config-if)#do sh run int f0/3 Building configuration... Current configuration : 416 bytes ! interface FastEthernet0/3 switchport mode access switchport port-security maximum 2 switchport port-security violation restrict switchport port-security mac-address sticky switchport port-security mac-address sticky b827.eb41.c943 switchport port-security mac-address sticky b827.eb8a.3719 switchport port-security aging time 1 switchport port-security aging type inactivity switchport port-security end
mac address in CAM table show as STATIC entry.
and disable port-security feature, this entry deleted.
no mac address-table dynamic
has no effect.
it only work
no switchport port-security
Seems to be will effect dynamic only.
Aging time value means in minutes. not seconds.
interface FastEthernet0/3 switchport mode access switchport port-security maximum 2 switchport port-security violation restrict switchport port-security aging time 1 switchport port-security aging type inactivity switchport port-security end
do sh mac address-table int f0/3 do sh run int f0/3 | i sticky
plug out ethernet cable to b827.eb17.5d00
no switchport port-security mac-address sticky b827.eb17.5d00 do sh mac address-table int f0/3 do sh run int f0/3 | i sticky
ASW2#show port-security Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security Action (Count) (Count) (Count) --------------------------------------------------------------------------- Fa0/3 2 2 300 Restrict --------------------------------------------------------------------------- Total Addresses in System (excluding one mac per port) : 1 Max Addresses limit in System (excluding one mac per port) : 8192
ASW2#show port-security address Secure Mac Address Table ----------------------------------------------------------------------------- Vlan Mac Address Type Ports Remaining Age (mins) ---- ----------- ---- ----- ------------- 1 b827.eb41.c943 SecureSticky Fa0/3 - 1 b827.eb8a.3719 SecureSticky Fa0/3 - ----------------------------------------------------------------------------- Total Addresses in System (excluding one mac per port) : 1 Max Addresses limit in System (excluding one mac per port) : 8192 ASW2#sh run int f0/3 Building configuration... Current configuration : 416 bytes ! interface FastEthernet0/3 switchport mode access switchport port-security maximum 2 switchport port-security violation restrict switchport port-security mac-address sticky switchport port-security mac-address sticky b827.eb41.c943 switchport port-security mac-address sticky b827.eb8a.3719 switchport port-security aging time 1 switchport port-security aging type inactivity switchport port-security end ASW2#sh port-security int f0/3 Port Security : Enabled Port Status : Secure-up Violation Mode : Restrict Aging Time : 1 mins Aging Type : Inactivity SecureStatic Address Aging : Disabled Maximum MAC Addresses : 2 Total MAC Addresses : 2 Configured MAC Addresses : 0 Sticky MAC Addresses : 2 Last Source Address:Vlan : b827.eb41.c943:1 Security Violation Count : 300
ASW2(config-if)#no switchport port-security aging time ASW2(config-if)#^Z ASW2#sh port-security int f0/3 *Mar 1 14:17:22.633: %SYS-5-CONFIG_I: Configured from console by console ASW2#sh port-security int f0/3 Port Security : Enabled Port Status : Secure-up Violation Mode : Restrict Aging Time : 0 mins Aging Type : Inactivity SecureStatic Address Aging : Disabled Maximum MAC Addresses : 2 Total MAC Addresses : 2 Configured MAC Addresses : 0 Sticky MAC Addresses : 2 Last Source Address:Vlan : b827.eb41.c943:1 Security Violation Count : 300
ASW2(config)#int f0/3 ASW2(config-if)#no swi ASW2(config-if)#no switchport po ASW2(config-if)#no switchport port-security mac ASW2(config-if)#no switchport port-security mac-address sti ASW2(config-if)#no switchport port-security mac-address sticky ASW2(config-if)#do sh ru ASW2(config-if)#do sh run int f0/3 Building configuration... Current configuration : 212 bytes ! interface FastEthernet0/3 switchport mode access switchport port-security maximum 2 switchport port-security violation restrict switchport port-security aging type inactivity switchport port-security end ASW2(config-if)#switchport port-security aging time 1 ASW2(config-if)#do sh run int f0/3 Building configuration... Current configuration : 251 bytes ! interface FastEthernet0/3 switchport mode access switchport port-security maximum 2 switchport port-security violation restrict switchport port-security aging time 1 switchport port-security aging type inactivity switchport port-security end ASW2(config-if)#switchport port-security aging time 2 ASW2#sh port-security address Secure Mac Address Table ----------------------------------------------------------------------------- Vlan Mac Address Type Ports Remaining Age (mins) ---- ----------- ---- ----- ------------- 1 b827.eb8a.3719 SecureDynamic Fa0/3 2 (I) ----------------------------------------------------------------------------- Total Addresses in System (excluding one mac per port) : 0 Max Addresses limit in System (excluding one mac per port) : 8192 ASW2#sh port-security int f0/3 Port Security : Enabled Port Status : Secure-up Violation Mode : Restrict Aging Time : 2 mins Aging Type : Inactivity SecureStatic Address Aging : Disabled Maximum MAC Addresses : 2 Total MAC Addresses : 1 Configured MAC Addresses : 0 Sticky MAC Addresses : 0 Last Source Address:Vlan : b827.eb8a.3719:1 Security Violation Count : 300
つなぐ
ASW2#sh port-security address Secure Mac Address Table ----------------------------------------------------------------------------- Vlan Mac Address Type Ports Remaining Age (mins) ---- ----------- ---- ----- ------------- 1 b827.eb41.c943 SecureDynamic Fa0/3 2 (I) 1 b827.eb8a.3719 SecureDynamic Fa0/3 2 (I) ----------------------------------------------------------------------------- Total Addresses in System (excluding one mac per port) : 1 Max Addresses limit in System (excluding one mac per port) : 8192 ASW2# *Mar 1 14:26:54.300: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address b827.eb17.5d00 on port FastEthernet0/3. ASW2#sh port-security address Secure Mac Address Table ----------------------------------------------------------------------------- Vlan Mac Address Type Ports Remaining Age (mins) ---- ----------- ---- ----- ------------- 1 b827.eb41.c943 SecureDynamic Fa0/3 2 (I) 1 b827.eb8a.3719 SecureDynamic Fa0/3 2 (I) ----------------------------------------------------------------------------- Total Addresses in System (excluding one mac per port) : 1 Max Addresses limit in System (excluding one mac per port) : 8192 ASW2# *Mar 1 14:26:59.358: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address b827.eb17.5d00 on port FastEthernet0/3. ASW2# *Mar 1 14:27:04.375: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address b827.eb17.5d00 on port Fast Ethernet0/3. ASW2# ASW2#sh port-security address Secure Mac Address Table ----------------------------------------------------------------------------- Vlan Mac Address Type Ports Remaining Age (mins) ---- ----------- ---- ----- ------------- 1 b827.eb41.c943 SecureDynamic Fa0/3 1 (I) 1 b827.eb8a.3719 SecureDynamic Fa0/3 2 (I) ----------------------------------------------------------------------------- Total Addresses in System (excluding one mac per port) : 1 Max Addresses limit in System (excluding one mac per port) : 8192 ASW2#sh por add Secure Mac Address Table ----------------------------------------------------------------------------- Vlan Mac Address Type Ports Remaining Age (mins) ---- ----------- ---- ----- ------------- 1 b827.eb41.c943 SecureDynamic Fa0/3 1 (I) 1 b827.eb8a.3719 SecureDynamic Fa0/3 2 (I) ----------------------------------------------------------------------------- Total Addresses in System (excluding one mac per port) : 1 Max Addresses limit in System (excluding one mac per port) : 8192 ASW2#sh port address Secure Mac Address Table ----------------------------------------------------------------------------- Vlan Mac Address Type Ports Remaining Age (mins) ---- ----------- ---- ----- ------------- 1 b827.eb41.c943 SecureDynamic Fa0/3 < 1 (I) 1 b827.eb8a.3719 SecureDynamic Fa0/3 2 (I) ----------------------------------------------------------------------------- Total Addresses in System (excluding one mac per port) : 1 Max Addresses limit in System (excluding one mac per port) : 8192 ASW2#sh port address Secure Mac Address Table ----------------------------------------------------------------------------- Vlan Mac Address Type Ports Remaining Age (mins) ---- ----------- ---- ----- ------------- 1 b827.eb8a.3719 SecureDynamic Fa0/3 2 (I) ----------------------------------------------------------------------------- Total Addresses in System (excluding one mac per port) : 0 Max Addresses limit in System (excluding one mac per port) : 8192 ASW2#sh port-security Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security Action (Count) (Count) (Count) --------------------------------------------------------------------------- Fa0/3 2 1 415 Restrict --------------------------------------------------------------------------- Total Addresses in System (excluding one mac per port) : 0 Max Addresses limit in System (excluding one mac per port) : 8192 ASW2#show por ASW2#show port-security add ASW2#show port-security address Secure Mac Address Table ----------------------------------------------------------------------------- Vlan Mac Address Type Ports Remaining Age (mins) ---- ----------- ---- ----- ------------- 1 b827.eb8a.3719 SecureDynamic Fa0/3 2 (I) ----------------------------------------------------------------------------- Total Addresses in System (excluding one mac per port) : 0 Max Addresses limit in System (excluding one mac per port) : 8192 ASW2#sh ASW2#show por ASW2#show port-security secu ASW2#show port-security int f0/e ^ % Invalid input detected at '^' marker. ASW2#show port-security int f0/3 Port Security : Enabled Port Status : Secure-up Violation Mode : Restrict Aging Time : 2 mins Aging Type : Inactivity SecureStatic Address Aging : Disabled Maximum MAC Addresses : 2 Total MAC Addresses : 1 Configured MAC Addresses : 0 Sticky MAC Addresses : 0 Last Source Address:Vlan : b827.eb17.5d00:1 Security Violation Count : 415 ASW2#show port-security address Secure Mac Address Table ----------------------------------------------------------------------------- Vlan Mac Address Type Ports Remaining Age (mins) ---- ----------- ---- ----- ------------- 1 b827.eb17.5d00 SecureDynamic Fa0/3 2 (I) 1 b827.eb8a.3719 SecureDynamic Fa0/3 1 (I) ----------------------------------------------------------------------------- Total Addresses in System (excluding one mac per port) : 1 Max Addresses limit in System (excluding one mac per port) : 8192 ASW2#show port-security address Secure Mac Address Table ----------------------------------------------------------------------------- Vlan Mac Address Type Ports Remaining Age (mins) ---- ----------- ---- ----- ------------- 1 b827.eb17.5d00 SecureDynamic Fa0/3 2 (I) 1 b827.eb8a.3719 SecureDynamic Fa0/3 1 (I) ----------------------------------------------------------------------------- Total Addresses in System (excluding one mac per port) : 1 Max Addresses limit in System (excluding one mac per port) : 8192 ASW2# *Mar 1 14:31:31.074: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address b827.eb41.c943 on port FastEthernet0/3. ASW2#show port-security address Secure Mac Address Table ----------------------------------------------------------------------------- Vlan Mac Address Type Ports Remaining Age (mins) ---- ----------- ---- ----- ------------- 1 b827.eb17.5d00 SecureDynamic Fa0/3 2 (I) 1 b827.eb8a.3719 SecureDynamic Fa0/3 1 (I) ----------------------------------------------------------------------------- Total Addresses in System (excluding one mac per port) : 1 Max Addresses limit in System (excluding one mac per port) : 8192 ASW2# *Mar 1 14:31:36.073: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address b827.eb41.c943 on port FastEthernet0/3. ASW2#show port-security Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security Action (Count) (Count) (Count) --------------------------------------------------------------------------- Fa0/3 2 2 549 Restrict --------------------------------------------------------------------------- Total Addresses in System (excluding one mac per port) : 1 Max Addresses limit in System (excluding one mac per port) : 8192 ASW2#show port-security *Mar 1 14:32:27.789: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address b827.eb41.c943 on port FastEthernet0/3. ASW2#show port-security int f0/3 Port Security : Enabled Port Status : Secure-up Violation Mode : Restrict Aging Time : 2 mins Aging Type : Inactivity SecureStatic Address Aging : Disabled Maximum MAC Addresses : 2 Total MAC Addresses : 2 Configured MAC Addresses : 0 Sticky MAC Addresses : 0 Last Source Address:Vlan : b827.eb41.c943:1 Security Violation Count : 566 ASW2# *Mar 1 14:32:33.754: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address b827.eb41.c943 on port FastEthernet0/3. ASW2#sh por ASW2#sh port-security *Mar 1 14:32:38.762: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address b827.eb41.c943 on port FastEthernet0/3. ASW2#sh port-security add ASW2#sh port-security address Secure Mac Address Table ----------------------------------------------------------------------------- Vlan Mac Address Type Ports Remaining Age (mins) ---- ----------- ---- ----- ------------- 1 b827.eb17.5d00 SecureDynamic Fa0/3 2 (I) 1 b827.eb8a.3719 SecureDynamic Fa0/3 2 (I) ----------------------------------------------------------------------------- Total Addresses in System (excluding one mac per port) : 1 Max Addresses limit in System (excluding one mac per port) : 8192 ASW2# *Mar 1 14:32:43.761: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address b827.eb41.c943 on port FastEthernet0/3. ASW2# *Mar 1 14:32:49.751: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address b827.eb41.c943 on port FastEthernet0/3. ASW2#sh port-security Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security Action (Count) (Count) (Count) --------------------------------------------------------------------------- Fa0/3 2 2 604 Restrict --------------------------------------------------------------------------- Total Addresses in System (excluding one mac per port) : 1 Max Addresses limit in System (excluding one mac per port) : 8192 ASW2#sh port-security int f0/3 Port Security : Enabled Port Status : Secure-up Violation Mode : Restrict Aging Time : 2 mins Aging Type : Inactivity SecureStatic Address Aging : Disabled Maximum MAC Addresses : 2 Total MAC Addresses : 2 Configured MAC Addresses : 0 Sticky MAC Addresses : 0 Last Source Address:Vlan : b827.eb41.c943:1 Security Violation Count : 604
ASW2(config-if)#do sh port-security addr Secure Mac Address Table ----------------------------------------------------------------------------- Vlan Mac Address Type Ports Remaining Age (mins) ---- ----------- ---- ----- ------------- 1 b827.eb8a.3719 SecureConfigured Fa0/3 - ----------------------------------------------------------------------------- Total Addresses in System (excluding one mac per port) : 0 Max Addresses limit in System (excluding one mac per port) : 8192 ASW2(config-if)#do sh port-security addr Secure Mac Address Table ----------------------------------------------------------------------------- Vlan Mac Address Type Ports Remaining Age (mins) ---- ----------- ---- ----- ------------- 1 b827.eb8a.3719 SecureConfigured Fa0/3 - ----------------------------------------------------------------------------- Total Addresses in System (excluding one mac per port) : 0 Max Addresses limit in System (excluding one mac per port) : 8192 ASW2(config-if)#do sh port-security addr Secure Mac Address Table ----------------------------------------------------------------------------- Vlan Mac Address Type Ports Remaining Age (mins) ---- ----------- ---- ----- ------------- 1 b827.eb41.c943 SecureDynamic Fa0/3 2 (I) 1 b827.eb8a.3719 SecureConfigured Fa0/3 - ----------------------------------------------------------------------------- Total Addresses in System (excluding one mac per port) : 1 Max Addresses limit in System (excluding one mac per port) : 8192 ASW2(config-if)#do sh port-security addr Secure Mac Address Table ----------------------------------------------------------------------------- Vlan Mac Address Type Ports Remaining Age (mins) ---- ----------- ---- ----- ------------- 1 b827.eb41.c943 SecureDynamic Fa0/3 2 (I) 1 b827.eb8a.3719 SecureConfigured Fa0/3 - ----------------------------------------------------------------------------- Total Addresses in System (excluding one mac per port) : 1 Max Addresses limit in System (excluding one mac per port) : 8192 ASW2(config-if)#do sh port-security addr Secure Mac Address Table ----------------------------------------------------------------------------- Vlan Mac Address Type Ports Remaining Age (mins) ---- ----------- ---- ----- ------------- 1 b827.eb41.c943 SecureDynamic Fa0/3 2 (I) 1 b827.eb8a.3719 SecureConfigured Fa0/3 - ----------------------------------------------------------------------------- Total Addresses in System (excluding one mac per port) : 1 Max Addresses limit in System (excluding one mac per port) : 8192 ASW2(config-if)#swi ASW2(config-if)#switchport por ASW2(config-if)#switchport port-security agi ASW2(config-if)#switchport port-security aging sta ASW2(config-if)#switchport port-security aging static ? <cr> ASW2(config-if)#switchport port-security aging static ASW2(config-if)#do sh port-security addr Secure Mac Address Table ----------------------------------------------------------------------------- Vlan Mac Address Type Ports Remaining Age (mins) ---- ----------- ---- ----- ------------- 1 b827.eb41.c943 SecureDynamic Fa0/3 2 (I) 1 b827.eb8a.3719 SecureConfigured Fa0/3 1 (I) ----------------------------------------------------------------------------- Total Addresses in System (excluding one mac per port) : 1 Max Addresses limit in System (excluding one mac per port) : 8192 ASW2(config-if)#do sh port-security addr Secure Mac Address Table ----------------------------------------------------------------------------- Vlan Mac Address Type Ports Remaining Age (mins) ---- ----------- ---- ----- ------------- 1 b827.eb41.c943 SecureDynamic Fa0/3 2 (I) 1 b827.eb8a.3719 SecureConfigured Fa0/3 1 (I) ----------------------------------------------------------------------------- Total Addresses in System (excluding one mac per port) : 1 Max Addresses limit in System (excluding one mac per port) : 8192 ASW2(config-if)#do sh run int f0/3 Building configuration... Current configuration : 343 bytes ! interface FastEthernet0/3 switchport mode access switchport port-security maximum 2 switchport port-security violation restrict switchport port-security mac-address b827.eb8a.3719 switchport port-security aging time 2 switchport port-security aging type inactivity switchport port-security aging static switchport port-security end
ASW2(config-if)#do sh port-security addr Secure Mac Address Table ----------------------------------------------------------------------------- Vlan Mac Address Type Ports Remaining Age (mins) ---- ----------- ---- ----- ------------- 1 b827.eb41.c943 SecureDynamic Fa0/3 2 (I) 1 b827.eb8a.3719 SecureConfigured Fa0/3 1 (I) ----------------------------------------------------------------------------- Total Addresses in System (excluding one mac per port) : 1 Max Addresses limit in System (excluding one mac per port) : 8192 ASW2(config-if)#do sh run int f0/3 Building configuration... Current configuration : 343 bytes ! interface FastEthernet0/3 switchport mode access switchport port-security maximum 2 switchport port-security violation restrict switchport port-security mac-address b827.eb8a.3719 switchport port-security aging time 2 switchport port-security aging type inactivity switchport port-security aging static switchport port-security end ASW2(config-if)#do sh port-security addr Secure Mac Address Table ----------------------------------------------------------------------------- Vlan Mac Address Type Ports Remaining Age (mins) ---- ----------- ---- ----- ------------- 1 b827.eb41.c943 SecureDynamic Fa0/3 2 (I) ----------------------------------------------------------------------------- Total Addresses in System (excluding one mac per port) : 0 Max Addresses limit in System (excluding one mac per port) : 8192 ASW2(config-if)#do sh run int f0/3 Building configuration... Current configuration : 290 bytes ! interface FastEthernet0/3 switchport mode access switchport port-security maximum 2 switchport port-security violation restrict switchport port-security aging time 2 switchport port-security aging type inactivity switchport port-security aging static switchport port-security end
this aging time not applied sticky learning
ASW2(config-if)#do sh run int f0/3 Building configuration... Current configuration : 455 bytes ! interface FastEthernet0/3 switchport mode access switchport port-security maximum 2 switchport port-security violation restrict switchport port-security mac-address sticky switchport port-security mac-address sticky b827.eb41.c943 switchport port-security mac-address sticky b827.eb8a.3719 switchport port-security aging time 2 switchport port-security aging type inactivity switchport port-security aging static switchport port-security end ASW2(config-if)#do sh port-security addr Secure Mac Address Table ----------------------------------------------------------------------------- Vlan Mac Address Type Ports Remaining Age (mins) ---- ----------- ---- ----- ------------- 1 b827.eb41.c943 SecureSticky Fa0/3 - 1 b827.eb8a.3719 SecureSticky Fa0/3 - ----------------------------------------------------------------------------- Total Addresses in System (excluding one mac per port) : 1 Max Addresses limit in System (excluding one mac per port) : 8192 ASW2(config-if)#do sh port-security addr Secure Mac Address Table ----------------------------------------------------------------------------- Vlan Mac Address Type Ports Remaining Age (mins) ---- ----------- ---- ----- ------------- 1 b827.eb41.c943 SecureSticky Fa0/3 - 1 b827.eb8a.3719 SecureSticky Fa0/3 - ----------------------------------------------------------------------------- Total Addresses in System (excluding one mac per port) : 1 Max Addresses limit in System (excluding one mac per port) : 8192 ASW2(config-if)#do sh port-security addr Secure Mac Address Table ----------------------------------------------------------------------------- Vlan Mac Address Type Ports Remaining Age (mins) ---- ----------- ---- ----- ------------- 1 b827.eb41.c943 SecureSticky Fa0/3 - 1 b827.eb8a.3719 SecureSticky Fa0/3 - ----------------------------------------------------------------------------- Total Addresses in System (excluding one mac per port) : 1 Max Addresses limit in System (excluding one mac per port) : 8192 ASW2(config-if)#do sh port-security addr Secure Mac Address Table ----------------------------------------------------------------------------- Vlan Mac Address Type Ports Remaining Age (mins) ---- ----------- ---- ----- ------------- 1 b827.eb41.c943 SecureSticky Fa0/3 - 1 b827.eb8a.3719 SecureSticky Fa0/3 - ----------------------------------------------------------------------------- Total Addresses in System (excluding one mac per port) : 1 Max Addresses limit in System (excluding one mac per port) : 8192 ASW2(config-if)#do sh port-security addr Secure Mac Address Table ----------------------------------------------------------------------------- Vlan Mac Address Type Ports Remaining Age (mins) ---- ----------- ---- ----- ------------- 1 b827.eb41.c943 SecureSticky Fa0/3 - 1 b827.eb8a.3719 SecureSticky Fa0/3 - ----------------------------------------------------------------------------- Total Addresses in System (excluding one mac per port) : 1 Max Addresses limit in System (excluding one mac per port) : 8192 ASW2(config-if)#do sh port-security int f0/3 Port Security : Enabled Port Status : Secure-up Violation Mode : Restrict Aging Time : 2 mins Aging Type : Inactivity SecureStatic Address Aging : Enabled Maximum MAC Addresses : 2 Total MAC Addresses : 2 Configured MAC Addresses : 0 Sticky MAC Addresses : 2 Last Source Address:Vlan : b827.eb17.5d00:1 Security Violation Count : 523