3850 Port-Securty Aging-Time Issue

Similar Messages

• CAM aging time VS Port-security aging time

  Hi All
  Please advise on the following:
  - Without port-security configured, MACs per interface are learnt as "Dynamic" entries and the global CAM aging timer applies (300 seconds) unless tweaked manually.
  - With switchport port-security enabled (without port-security mac-address sticky, which holds onto MACs infinitely) I see MACs being learnt as "Secure-Dynamic" in a show port-security interface gix/x output and as "Static" in the output of show mac address-table interface gix.x .
  What I want to know is if JUST port-security is applied (without mac-address sticky) do the default CAM aging timer of 300 seconds get applied to these MACs too? as I see their is also a option to configure port-security mac-address aging time / type, does this overrule / take precedence over the default CAM aging timer?
  Please assist, its not documented anywhere and its driving me a bit nuts!
  Thanks folks

  What I want to know is if JUST port-security is applied (without mac-address sticky) do the default CAM aging timer of 300 seconds get applied to these MACs too?
  Any aging time you configure with port security will take precedence over the default aging time.
  See this thread for details -
  https://supportforums.cisco.com/discussion/11054341/switchport-port-security-commands-help
  Jon

• Printer aging-time "best practice"

  Hi,
  Our new printers are loosing their ip address'es after some time with no use...
  I guess that they are not sending any frames onto the port, and the aging-time on the vlan is kicking in.
  And when reading this forum a few suggestions comes up.
  Changing aging-time on vlan for printers. (are there any known caveats changing this?) 
  Static mac address settings on port (we have ~500 printers, so that feels somewhat funky)
  How do you guys handle this?
  This is a normal port config for our printer ports on a 2960 tc-l  12.2(58)SE1.
  interface FastEthernet0/21
   description printerVlan
   switchport access vlan 3
   switchport mode access
   switchport nonegotiate
   switchport block multicast
   switchport block unicast
   switchport voice vlan 2
   switchport port-security maximum 3
   switchport port-security
   switchport port-security aging time 2
   switchport port-security violation restrict
   switchport port-security aging type inactivity
   switchport port-security aging static
   srr-queue bandwidth share 10 10 60 20
   priority-queue out 
   mls qos trust cos
   storm-control broadcast level 10.00
   auto qos voip trust 
   no cdp enable
   spanning-tree portfast
   spanning-tree bpdufilter enable
  All ideas are welcome.
  Regards Falk

  If you create a new ASO (remember, this does not work in BSO) database, right click in the outline (okay, the completely blank outline).
  You should see a pop up menu with "Create date-time dimension..."
  I should also note that you have to click on the word "Outline: dbname" to do this.
  I wonder if you are trying to do this in a BSO app as that will make the menu item show up unselected.
  Regards,
  Cameron Lackpour

• Problem: Socket connection is not creating in machine, through utility program (MFC Dll), on ListDisplay service port - 3334 (on separate machine), while we are able to telnet on same ListDisplay service port - 3334 from same issue machine on same time

  Problem: Socket
  connection is not creating in machine, through utility program (MFC Dll), on ListDisplay service port - 3334 (on separate machine), while we are able to telnet on same ListDisplay service port - 3334 from same issue machine on same time
  Environment: -
  OS:
  Windows XP SP2/7
  Code:
  VC 6.0
  Dll: MFC
  Problem Description: -
  We have written a utility program which create socket (Using windows standard method [MFC]), and then make connection with another service (List Display) running
  on port 3334 in different machine and retrieve the required list data. This program was working fine in almost all the machines.
  But, we have received a severe intermittent issue on two machines. Client is facing issue in displaying the list data from port 3334.
  Attempt: -
  First we tried to debug code, and we come to know that socket is not creating in utility program. So we tried to telnet on ListDisplay service port 3334 and we were surprised that we were able to telnet, then we opened some more
  telnet window on same port 3334 around (6 to 8) window, and each cmd connected properly. But we were not able to create socket from utility program.
  Problem is severe because issue is intermittent.
  We have tried all the way, but we are not able to figure it out, that what can be the exact problem and what are the conditions, when utility program will not
  connect with ListDisplay service on port 3334.
  Kindly assist to resolve this issue. For any help, we would be really thankful.

  Hi,
  According to your description, it seems that you have created an utility program which is making connection with another service port 3334, however, two clients are facing issue in display the data list from port 3334.
  Port: 3334/TCP
  3334/TCP - Known port assignments (1 record found)
  Service
  Details
  Source
  directv-web
  Direct TV Webcasting
  IANA
  Since the port 3334 is used by directv-web service, I'd like to suggest check this service it is working well on the problematic clients.
  1. The client can be resolved in DNS well? Please run "nslookup" in the prompt command.
  2. Is there any 3rd party application interrupting? Do test in clean boot.
  2. Strongly suggest you run process monitor tool to analysis it.
  I am looking forward to your reply if you have any updated on your side.
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

• ARP Aging Time

  Hi there,
  Just wondering why, when i do show arp, in my WS-C4506, whith Supervisor II+ 1000BaseX, and cat4000-i9k91s-mz.122-25.EWA5.bin, it seems that i have +/- 20 % of arp entrys with the aging time of 0 sec all the time.
  I think it should increment that aging time till 300 sec (by default), and then reset, but not all the entries do it.
  Any ideias of what kind of "process" is causing it ?
  I have all in the vlan1, and the ip's that soffer this issue are hosts and Cisco equipments.
  Thank you in advance.
  Petr?nio

  Friend,
  I think you are a little confused with the ARP aging time and the mac-address aging time (also called as CAM table)
  The default ARP aging time is 4 hours but the switch hold the CAM table entires only for 5 minutes.
  http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note09186a00807347ab.shtml#troubleshoot
  A permanent ARP entry does not have any timer assoiciated with it and is not shown as "0" but as "-".
  The thing which you are seeing is basically the cam is being aged out after 5 mins from the switch and is not incrementing as no frames are being received on the port.
  HTH, rate if it does
  Narayan

• How to plug a hard drive on the USB port of a Time Capsule. TC in bridge mode

  Hello
  I would like to connect a hard drive onto the USB port of a Time Capsule. This is for saving files (different frome the Time Machine savings). I am struggling to get it working it seems that I can see the HD when under "drives or discs" (running Snow Leopard in French) from the AirPort Utility but I can't access to it.
  The TC is in bridge mode.
  Thanks for help and guidances.
  Best
  Pierre

  The question is clear enough.. I just don't understand why you are having issues.
  Can you see in the internal disk of the TC in the finder?
  What format are you using on this disk? Try and format it HFS+ if it isn't already.
  If you plug it directly into the Mac it works ok??
  The other issue is the need for a powered hub on the TC due to the low power it gives the internal port.. or lack of bios compatibility with a range of usb hub chips. Try a powered hub as that can also help.

• Max-.Aging Time

  Hallo
  We are experiencing a strange behavior in our LAN, the MAC- Addresses of the Workstations that are connected to LAn but not generating traffic are being deleted from the Mac- Address-Table after 10s although the aging - Time is set to 300 s.
  Does anybody have an Idea Why.
  Thanks
  Ali

  Hello,
  No it is not, the Network where this problem noticed is more complex and it is a topology where the three layers exists ( Core,distribution and access), the problem where noticed on access switches have redundant links. portfast is being used on ports connected to workstation. It so the the the switch loses the mac-addresses of the stations that are directly connected to it after approx.
  15 sec.
  Thanks

• 3750 mac-address-aging timer

  Hi,
  i'm trying to change mac-address timers but having problems, i.e the change I’m trying to change mac-address-aging timers but having problems, i.e. the change only applies to existing active vlans. if i add new vlan after changing mac-address-aging timer it will have default value 300. Is this way it works or I’m missing something?
  3750-sw-1(config)#mac-ad aging-time 1300
  3750-sw-1#sh mac-ad ag
  Vlan Aging Time
  10 1300
  20 1300
  30 1300
  3750-sw-1#! Now adding a new vlan
  3750-sw-1#conf t
  3750-sw-1(config)#vlan 40
  3750-sw-1 (config-vlan
  3750-sw-1#sh mac-ad ag
  Vlan Aging Time
  10 1300
  20 1300
  30 1300
  40 300
  New vlan 40 has default value????

  Just checked the command reference. In the usage guidelines it states:
  Usage Guidelines
  If hosts do not send continuously, increase the aging time to record the dynamic entries for a longer time. Increasing the time can reduce the possibility of flooding when the hosts send again.
  If you do not specify a specific VLAN, this command sets the aging time for all VLANs.
  The last sentence is relevant to your question. The command may also be issued on a particular vlan.
  New vlans are created after setting this parameter globally will hence be using the default values.
  The key issue to check if this is a bug or not is to check whether the global command is reflected in the config. If it was, I would call the issue a bug.
  As it is not, you must approach this as a parameter that can (and should) be set per vlan. After creating a new vlan, you may add this line in the script or re-issue the global command.
  Regards,
  Leo

• How can I test the usb port on my Time Capsule to see if it is working?

  Ever since lightening struck nearby (which took out our internet and copy machine) the printer I had connected to the usb port on my Time Capsule in my office has has failed to print through the TC. I can plug the printer directly into my MacBookAir and can print just fine. So there is nothing wrong with the printer nor the usb cable.
  I've turned off and unplugged the printer with the usb cable connected & disconnected to the TC, no change. I've unplugged the TC, no change. I've opened the printer utility several times, and always get the "offline" error. I open the print queue, and it says the printer is not connected. I reinstalled the driver for the printer, still the same thing.
  I'm starting to wonder if the usb port on my Time Capsule got fried. Any help anyone can give in trying to see if the usb port even functions anymore would be greatly appreciated.
  My Time Capsule is model no. A1409.

  Power is not likely to be killed .. it is the data components that are more fragile.
  So you do have power which as you say is why the USB flashes.. but you don't have signal.
  The only other thing you can do is use USB powered hub.. if you have one handy.. but I would not go out and buy one.
  A damaged board is impossible (at cost less than replacement TC) to repair. And repairers do not like working on stuff damaged by lightning as components that did survive were stressed.. the transistor junctions become liable to fail at any time.. so you repair it and it just keeps coming back as not working. Sorry if you cannot use it without USB junk it and buy a replacement. A second hand Gen3 is about the best of them it seems.
  You can also buy an ethernet to USB print server.. but a new ethernet or wireless network printer is probably near to the same price.
  You can hunt ebay for second hand USB print servers.. or airport express, extreme or TC.. often you can find something suitable for just a few dollars if you shop well. Since you don't need the latest greatest to do this sort of job.. and people are disposing of things like USB print servers as soon as they buy network printers.

• HT4356 I have an older HP connected to the usb port of my Time Machine, and have it shared.  I want to print from my iPhone on the network, but it can not be found in airport?  How do I make this work?

  I have an older HP connected to the usb port of my Time Machine, and have it shared.  I want to print from my iPhone on the network, but it can not be found in airport?  How do I make this work?

  AirPrint printers connected to the USB port of the Apple AirPort Base Station or Time Capsules are not supported with AirPrint.
  Read through this for information about Airprint printers and how to use them:
  http://support.apple.com/kb/ht4356

• How to add an "age / time counter" into DW?

  Can anyone assist on how to add an age / time counter into DW?
  In other words to say "Child X is now a years, b months old"? or "Product Z was launched A years B months ago"? Or, on the other hand, "You only have Z days & Y minutes left to enter"? With it updating in real time?
  Apologies in advance if this is a silly / obvious question but I just can't seem to do it!

  This isn't something you would add to DW, you would need to add it to your webpages. You would do this with javascript. Search the web for
  'javascript countdown timer' for plenty of examples.

• Time issue- urgnt

  HI Expert !
  I m using this code .
  LTIME TYPE SY-UZEIT
  T1 TYPE SY-UZEIT VALUE 030000,
  T2 TYPE SY-UZEIT VALUE 050000,
  BUT WHEN I M USING T1 AND T2  in loop ( if  statement ),ITS value r
  T1 =  082000.
  t2  = 131100 .
  if  t1(6)  t2(6 )
  ltime (6 ).
  then ok . but in this i wont be able to make comparison in if statement
  how i can resolve this time issue
  i dont want to include timings between 3.00 a.m and 5.00 ,
  for this i have used this code but its not updating data for any employee , is this code correct or not.
  OPEN DATASET PA_FILE FOR INPUT IN TEXT MODE ENCODING DEFAULT.
  DO.
  READ DATASET PA_FILE INTO REC.
  CLEAR WA_PUNCHES.
  IF SY-SUBRC <> 0.
  EXIT.
  ENDIF.
  WRITE: / REC.
  if NOT ( WA_SCORE-LTIME GE T1 AND WA_SCORE-LTIME LE T2 ) .
  AND
  ***( WA_SCORE-TERID NE TR3 AND
  ***WA_SCORE-TERID NE TR4 AND
  ***WA_SCORE-TERID NE TR5 AND
  ***WA_SCORE-TERID NE TR6 AND
  ***WA_SCORE-TERID NE TR7 AND
  ***WA_SCORE-TERID NE TR8 ) .
  WA_SCORE-PERNR = REC+0(8) .
  WA_SCORE-LDATE = REC+9(8) .
  WA_SCORE-LTIME = REC+18(6) .
  WA_SCORE-CANID = REC+25(8) .
  WA_SCORE-TERID = REC+34(4) .
  APPEND WA_SCORE TO IT_SCORE.
  ELSE .
  EXIT .
  ADD 1 TO COUNT.
  ENDIF .
  ENDDO.
  plz help me . its very imp. program .
  thanks

  Hi,
  Pass values in quotes
  T1 TYPE SY-UZEIT VALUE '030000',
  T2 TYPE SY-UZEIT VALUE '050000',
  Can you please check once again after making this change in debug mode, values of T1, T2 and LTIME.
  ashish

• Aging Time

  Hi,
  I would like to ask What is Aging Time and its purpose.
  Thanks,
  Dyep

  For the original poster, although Giuseppe provides an excellent description of the MAC aging timer in reference to CAMs, and since you mark his post as resolving your question, I just want to re-emphise in reference to your original question there are multiple aging timers, a couple besides ARP's and CAM's. The principle is generally the same, and such timers might be adjusted for various reasons. (For example, setting ARP and CAM aging timers can make or break unicast flooding.)
  [edit]
  I wrote too soon, see you've marked my original post as also resolving your question. BTW: The interplay between ARP and MAC aging timer, and how it can cause unicast flooding, I think, is worth knowing. You might want to read http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a00801d0808.shtml

• Time issue seems odd to me

  I put a secondary domain and po at a remote location - running 8.03 on Sles/Oes and moved all of the "local" users to that po.
  while everything seems to run ok we have a weird time issue.
  Mail into and out of the new mailboxes shows a three and a half hour time difference both in the date column in the groupwise client and in the printed header of the email.
  The odd thing is that if I go to the properties of the email - the Creation date and the File date and time are both correct.
  I can't see any time issues with the servers (primary or secondary) and especially something that would be 3:30 minutes off
  there is a timezone difference between the pri and sec but that's just 1 hour.
  Any thoughts?
  As a workaround I have had my users add the creation column to see when they actually received the email as our clients have time critical projects.
  Thanks
  Dennis

  Danita,
  Thanks for the reply - Oh how I wish it were that easy - I've checked and double checked the PO object and the domain object - both say US eastern time.
  If I send email from a mailbox on the secondary to the primary - everything is correct (a 1 hour time difference - Eastern to Central)
  If I send mail from a mailbox on the primary to the secondary - it shows up right away, but says 3:30 minutes later than it should (in Date/Time, but not in Created)
  If I send email from a mailbox on the secondary to a GMail account - the header shows the 3:30 offset, but the properties of the mail shows correctly.
  I would be happy to send email from that po to anyone that wants to see for themselves.
  Other than the PO Object and the DOM object - Where should I be looking for a time difference
  and how would it be getting UTC minus 30 minutes - - Is there a special timezone out there for Hy Brasil?
  The workstations all get their time settings from "time.windows.com" the windows default.
  Thanks for looking into this - I just hope that I can get it figured out because as small of an issue that I think it is (they get their email, it just looks like it gets read before they officially receive it)
  but it seems that this office uses the received time to track how long it takes them to do their work.
  Dennis

• Real time issue

  Hi all,
  Can any body plz send me some FICO real time issue on [email protected]
  and plz tell me hw shld I prepare for interview
  Thanks & Regards
  Vaibhav

  Hi Balraj,
  In the normal practice, developers will try to find the similer infocube (as per the requirement) in the Business content. But always you will not be lucky to find such infocube in Business content. You need to create at your own to suite the business requirements. Regarding the characteristcs & key figure, it 's again depend on the requirements. Calculated object can be assign as key figure like. Sales qty, revenue & net sales etc. where as Dimesion (characteritcs) will be purely depends on the reporting point of view. Like Customer, Material & Sales Document type etc.
  Hope this will help you !
  Thanks,
  Sanjiv