What is aging?

Discussion in 'Cisco' started by Bruce Meyer, Aug 14, 2007.

  1. Bruce Meyer

    Bruce Meyer Guest

    I am locking down switchports throughout our enterprise.
    I have read many articles on Configuring the Secure MAC Address Aging
    Type on a Port, but am at a complete loss for WHAT aging actually is.
    Currently I am leaving it disabled as, though I have found lots of
    articles on how to configure it, I don't know what it is, or why I
    want to, or don't want to use it.
    Could someone explain it for me please? (No plain English!) :)

    My goal is to lock down ports for the currently connected port, so if
    my wild guess is correct, I won't be using aging anyway.

    Thanks for any help folks.

    Bruce D. Meyer
     
    Bruce Meyer, Aug 14, 2007
    #1

  2. Bruce Meyer

    Trendkill Guest

    While I don't know the specific context w/ security, aging is the
    timeout period of MAC addresses in the switch's CAM/MAC table.
    Basically, the CAM table junctions what MACs are on what ports, and
    tells the switch where things need to be forwarded at level 2. If the
    aging table is set high, and a person unplugs a server and plugs
    something in that just listens (if it sends any frames, the switch
    will update the CAM table with the new MAC off the source of the
    frame), then it can potentially 'sniff' traffic that was destined for
    the previous station. Just because it is unplugged doesn't mean the
    CAM table ages out; it is usually set by CAM and ARP aging on the
    switches and routers. ARP aging is the same, but it junctions IP to
    MAC. While it isn't cake to spoof a MAC, it is possible.
     
    Trendkill, Aug 14, 2007
    #2

  3. Bruce Meyer

    Trendkill Guest

    Here is the config guide on it, looks like it sets the aging time of
    secure MACs, playing off of what I said above:

    http://www.cisco.com/en/US/products..._guide_chapter09186a00800da706.html#wp1042259
     
    Trendkill, Aug 14, 2007
    #3
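
A simplified model of the aging behaviour described in the two posts above, added here as an example and not taken from the thread or from Cisco documentation: a MAC table whose entries expire either after a period of inactivity or after an absolute time, the two port-security aging types. The class and function names, the port number and the MAC address are constructed, and flushing of entries on link-down is not modelled.

```python
from dataclasses import dataclass

SERVER_MAC = "00:00:5e:00:53:01"  # constructed address (documentation range)

@dataclass
class Entry:
    port: int
    learned: float    # when the address was first learned on this port
    last_seen: float  # most recent frame seen from this source

class MacTable:
    """Simplified model of a MAC (CAM) table with entry aging."""

    def __init__(self, aging_time, aging_type="inactivity"):
        if aging_type not in ("inactivity", "absolute"):
            raise ValueError("aging_type must be 'inactivity' or 'absolute'")
        self.aging_time, self.aging_type = aging_time, aging_type
        self.entries = {}

    def _expire(self, now):
        for mac, e in list(self.entries.items()):
            # inactivity: timer restarts on every frame; absolute: it never does
            start = e.last_seen if self.aging_type == "inactivity" else e.learned
            if now - start >= self.aging_time:
                del self.entries[mac]

    def learn(self, src_mac, port, now):
        """Record the source MAC of a frame received on `port`."""
        self._expire(now)
        e = self.entries.get(src_mac)
        if e is None or e.port != port:
            self.entries[src_mac] = Entry(port, now, now)
        else:
            e.last_seen = now

    def lookup(self, dst_mac, now):
        """Egress port for dst_mac, or 'flood' when there is no entry."""
        self._expire(now)
        e = self.entries.get(dst_mac)
        return e.port if e else "flood"

def stale_window(aging_time, aging_type, last_frame_at, probe_times):
    """A host on port 3 sends every 10 s until last_frame_at, then goes quiet.
    Returns where frames addressed to it go at each probe time."""
    table = MacTable(aging_time, aging_type)
    for t in range(0, last_frame_at + 1, 10):
        table.learn(SERVER_MAC, 3, t)
    return [table.lookup(SERVER_MAC, t) for t in probe_times]
```

With a 300-second inactivity timer and a last frame at t=60, frames for the silent host are still sent to port 3 until t=360; a shorter aging time shrinks that window.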
  4. Bruce Meyer

    Bruce Meyer Guest

    Thank-you. That clears it up for me.
    --Bruce
     
    Bruce Meyer, Sep 3, 2007
    #4