What is aging?

 
 
Bruce Meyer
Guest
Posts: n/a
 
      08-14-2007
I am locking down switchports throughout our enterprise.
I have read many articles on Configuring the Secure MAC Address Aging
Type on a Port, but am at a complete loss for WHAT aging actually is.
Currently I am leaving it disabled, as though I have found lots of
articles on how to configure it, I don't know what it is, or why I
want to, or don't want to use it.
Could someone explain it for me please? (No plain English!)

My goal is to lock down ports for the currently connected port, so if
my wild guess is correct, I won't be using aging anyway.

Thanks for any help folks.

Bruce D. Meyer

 
 
 
 
 
Trendkill
Guest
Posts: n/a
 
      08-14-2007
On Aug 14, 1:17 pm, Bruce Meyer <(E-Mail Removed)> wrote:
> I am locking down switchports throughout our enterprise.
> I have read many articles on Configuring the Secure MAC Address Aging
> Type on a Port, but am at a complete loss for WHAT aging actually is.
> Currently I am leaving it disabled, as though I have found lots of
> articles on how to configure it, I don't know what it is, or why I
> want to, or don't want to use it.
> Could someone explain it for me please? (No plain English!)
>
> My goal is to lock down ports for the currently connected port, so if
> my wild guess is correct, I won't be using aging anyway.
>
> Thanks for any help folks.
>
> Bruce D. Meyer


While I don't know the specific context w/ security, aging is the
timeout period of MAC addresses in the switch's CAM/MAC table.
Basically, the CAM table junctions what MACs are on what ports, and
tells the switch where things need to be forwarded at level 2. If the
aging table is set high, and a person unplugs a server and plugs
something in that just listens (if it sends any frames, the switch
will update the CAM table with the new MAC off the source of the
frame), then it can potentially 'sniff' traffic that was destined for
the previous station. Just because it is unplugged doesn't mean the
CAM table ages out; it is usually set by CAM and ARP aging on the
switches and routers. ARP aging is the same, but it junctions IP to
MAC. While it isn't cake to spoof a MAC, it is possible.

 
 
 
 
 
Trendkill
Guest
Posts: n/a
 
      08-14-2007
On Aug 14, 1:20 pm, Trendkill <(E-Mail Removed)> wrote:
> On Aug 14, 1:17 pm, Bruce Meyer <(E-Mail Removed)> wrote:
>
> > I am locking down switchports throughout our enterprise.
> > I have read many articles on Configuring the Secure MAC Address Aging
> > Type on a Port, but am at a complete loss for WHAT aging actually is.
> > Currently I am leaving it disabled, as though I have found lots of
> > articles on how to configure it, I don't know what it is, or why I
> > want to, or don't want to use it.
> > Could someone explain it for me please? (No plain English!)
> >
> > My goal is to lock down ports for the currently connected port, so if
> > my wild guess is correct, I won't be using aging anyway.
> >
> > Thanks for any help folks.
> >
> > Bruce D. Meyer
>
> While I don't know the specific context w/ security, aging is the
> timeout period of MAC addresses in the switch's CAM/MAC table.
> Basically, the CAM table junctions what MACs are on what ports, and
> tells the switch where things need to be forwarded at level 2. If the
> aging table is set high, and a person unplugs a server and plugs
> something in that just listens (if it sends any frames, the switch
> will update the CAM table with the new MAC off the source of the
> frame), then it can potentially 'sniff' traffic that was destined for
> the previous station. Just because it is unplugged doesn't mean the
> CAM table ages out; it is usually set by CAM and ARP aging on the
> switches and routers. ARP aging is the same, but it junctions IP to
> MAC. While it isn't cake to spoof a MAC, it is possible.


Here is the config guide on it, looks like it sets the aging time of
secure MACs, playing off of what I said above:

http://www.cisco.com/en/US/products/...html#wp1042259

 
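Added example (not part of the thread or of Cisco's documentation): a simplified Python model of secure MAC aging on one port, showing how aging disabled, `absolute` aging and `inactivity` aging treat the same traffic when one host is replaced by another. The 5-minute timer, the MAC addresses and the assumption that the link stays up between hosts are constructed for illustration; err-disable on violation is not modelled.

```python
# Added illustration: simplified model of port-security aging on one port.
# Timer semantics are modelled assumptions, not code from any switch.
from dataclasses import dataclass, field

@dataclass
class SecurePort:
    max_macs: int = 1             # maximum secure addresses on the port
    aging_minutes: int = 0        # 0 models "aging disabled"
    aging_type: str = "absolute"  # "absolute" or "inactivity"
    table: dict = field(default_factory=dict)  # mac -> (learned_at, last_seen)

    def _expire(self, now):
        if self.aging_minutes == 0:
            return
        for mac, (learned, seen) in list(self.table.items()):
            # absolute: clock runs from learning; inactivity: from last frame
            start = learned if self.aging_type == "absolute" else seen
            if now - start >= self.aging_minutes:
                del self.table[mac]

    def frame(self, src_mac, now):
        """Process one frame with source src_mac at minute `now`."""
        self._expire(now)
        if src_mac in self.table:
            learned, _ = self.table[src_mac]
            self.table[src_mac] = (learned, now)  # refresh last_seen
            return "forward"
        if len(self.table) < self.max_macs:
            self.table[src_mac] = (now, now)
            return "learned"
        return "violation"  # table full and source MAC is not secure

def replay(port, events):
    return [port.frame(mac, t) for t, mac in events]

# Constructed sample: host A sends at minutes 0 and 4, is then replaced
# by host B (link assumed to stay up), which sends at minutes 6 and 12.
A, B = "0000.1111.aaaa", "0000.2222.bbbb"
EVENTS = [(0, A), (4, A), (6, B), (12, B)]

def demo():
    return {
        "disabled": replay(SecurePort(), EVENTS),
        "absolute_5": replay(SecurePort(aging_minutes=5), EVENTS),
        "inactivity_5": replay(
            SecurePort(aging_minutes=5, aging_type="inactivity"), EVENTS),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

With aging disabled the replacement host is never accepted, which matches the goal of pinning a port to the currently connected device; the two aging types differ only in when the old address frees its slot.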
 
Bruce Meyer
Guest
Posts: n/a
 
      09-03-2007
On Aug 14, 2:52 pm, Trendkill <(E-Mail Removed)> wrote:
> On Aug 14, 1:20 pm, Trendkill <(E-Mail Removed)> wrote:
>
> > On Aug 14, 1:17 pm, Bruce Meyer <(E-Mail Removed)> wrote:
> >
> > > I am locking down switchports throughout our enterprise.
> > > I have read many articles on Configuring the Secure MAC Address Aging
> > > Type on a Port, but am at a complete loss for WHAT aging actually is.
> > > Currently I am leaving it disabled, as though I have found lots of
> > > articles on how to configure it, I don't know what it is, or why I
> > > want to, or don't want to use it.
> > > Could someone explain it for me please? (No plain English!)
> > >
> > > My goal is to lock down ports for the currently connected port, so if
> > > my wild guess is correct, I won't be using aging anyway.
> > >
> > > Thanks for any help folks.
> > >
> > > Bruce D. Meyer
> >
> > While I don't know the specific context w/ security, aging is the
> > timeout period of MAC addresses in the switch's CAM/MAC table.
> > Basically, the CAM table junctions what MACs are on what ports, and
> > tells the switch where things need to be forwarded at level 2. If the
> > aging table is set high, and a person unplugs a server and plugs
> > something in that just listens (if it sends any frames, the switch
> > will update the CAM table with the new MAC off the source of the
> > frame), then it can potentially 'sniff' traffic that was destined for
> > the previous station. Just because it is unplugged doesn't mean the
> > CAM table ages out; it is usually set by CAM and ARP aging on the
> > switches and routers. ARP aging is the same, but it junctions IP to
> > MAC. While it isn't cake to spoof a MAC, it is possible.
>
> Here is the config guide on it, looks like it sets the aging time of
> secure MACs, playing off of what I said above:
>
> http://www.cisco.com/en/US/products/...cts_config...


Thank you. That clears it up for me.
--Bruce

 
 
 
 