What is aging?

I am locking down switchports throughout our enterprise. I have read many articles on Configuring the Secure MAC Address Aging Type on a Port, but am at a complete loss for WHAT aging actually is. Currently I am leaving it disabled as, though I have found lots of articles on how to configure it, I don't know what it is, or why I want to, or don't want to use it. Could someone explain it for me please? (No plain English!) :-)

My goal is to lock down ports for the currently connected port, so if my wild guess is correct, I won't be using aging anyway.

Thanks for any help folks.

Bruce D. Meyer


While I don't know the specific context w/ security, aging is the timeout period of MAC addresses in the switch's CAM/MAC table. Basically, the CAM table junctions what MACs are on what ports, and tells the switch where things need to be forwarded at level 2. If the aging table is set high, and a person unplugs a server and plugs something in that just listens (if it sends any frames, the switch will update the CAM table with the new MAC off the source of the frame), then it can potentially 'sniff' traffic that was destined for the previous station. Just because it is unplugged doesn't mean the CAM table ages out, it is usually set by CAM and ARP aging on the switches and routers. ARP aging is the same, but it junctions IP to MAC. While it isn't cake to spoof a MAC, it is possible.

Trendkill
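
The aging behaviour described in the answer above, as a toy model added here (not code from the thread or from any switch vendor). It assumes entries leave the table only when the aging timer expires, which is the behaviour the answer describes; the MAC address, port name and timestamps are constructed.

```python
class MacTable:
    """Toy model of a switch MAC (CAM) table with an aging timer."""

    def __init__(self, aging_seconds):
        self.aging_seconds = aging_seconds
        self.entries = {}  # mac -> (port, time the MAC was last seen as a source)

    def learn(self, src_mac, port, now):
        # Every received frame creates or refreshes the entry for its source MAC.
        self.entries[src_mac] = (port, now)

    def expire(self, now):
        # Drop entries whose source MAC has been silent for the full aging time.
        stale = [mac for mac, (_, seen) in self.entries.items()
                 if now - seen >= self.aging_seconds]
        for mac in stale:
            del self.entries[mac]
        return stale

    def egress(self, dst_mac, now):
        # Known destination: forward out of one port. Unknown: flood.
        self.expire(now)
        entry = self.entries.get(dst_mac)
        return entry[0] if entry else "flood"


SERVER_MAC = "00:00:5e:00:53:01"  # constructed sample address


def forwarding_timeline(aging_seconds, probe_times=(5, 60, 299, 300, 600)):
    """Where frames addressed to the server go at each probe time.

    The server sends its last frame at t=0 and is then unplugged; whatever is
    attached to the port afterwards stays silent, so the entry is never refreshed.
    """
    table = MacTable(aging_seconds)
    table.learn(SERVER_MAC, "Gi0/1", now=0)
    return [table.egress(SERVER_MAC, now=t) for t in probe_times]


if __name__ == "__main__":
    for aging in (300, 30):
        print(f"aging={aging}s ->", forwarding_timeline(aging))
```

With a 300-second timer the stale entry keeps steering the server's traffic to the old port for the whole five minutes; a 30-second timer closes that window by the second probe.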

Here is the config guide on it, looks like it sets the aging time of secure MACs, playing off of what I said above:

formatting link

Trendkill

Thank you. That clears it up for me.

--Bruce
