Chapter 23
Configuring Port-Based Traffic Control
Beginning in privileged EXEC mode, follow these steps to configure port security aging:
Command
Step 1
configure terminal
Step 2
interface interface-id
Step 3
switchport port-security aging {static | time time |
type {absolute | inactivity}}
Step 4
end
Step 5
show port-security [interface interface-id]
[address]
Step 6
copy running-config startup-config
To disable port security aging for all secure addresses on a port, use the no switchport port-security
aging time interface configuration command. To disable aging for only statically configured secure
addresses, use the no switchport port-security aging static interface configuration command.
This example shows how to set the aging time as 2 hours for the secure addresses on a port:
Switch(config)# interface gigabitethernet1/0/1
Switch(config-if)# switchport port-security aging time 120
This example shows how to set the aging time as 2 minutes for the inactivity aging type with aging
enabled for the configured secure addresses on the interface:
Switch(config-if)# switchport port-security aging time 2
Switch(config-if)# switchport port-security aging type inactivity
Switch(config-if)# switchport port-security aging static
You can verify the previous commands by entering the show port-security interface interface-id
privileged EXEC command.
OL-26520-01
Purpose
Enter global configuration mode.
Specify the interface to be configured, and enter interface
configuration mode.
Enable or disable static aging for the secure port, or set the
aging time or type.
Note
The switch does not support port security aging of
sticky secure addresses.
Enter static to enable aging for statically configured secure
addresses on this port.
For time, specify the aging time for this port. The valid range is
from 0 to 1440 minutes.
For type, select one of these keywords:
•
absolute—Sets the aging type as absolute aging. All the
secure addresses on this port age out exactly after the time
(minutes) specified lapses and are removed from the secure
address list.
inactivity—Sets the aging type as inactivity aging. The
•
secure addresses on this port age out only if there is no data
traffic from the secure source addresses for the specified
time period.
Return to privileged EXEC mode.
Verify your entries.
(Optional) Save your entries in the configuration file.
Catalyst 2960 and 2960-S Switches Software Configuration Guide, Release 15.0(1)SE
Configuring Port Security
23-17