What is aging?

Discussion in 'Cisco' started by Bruce Meyer, Aug 14, 2007.

  1. Bruce Meyer

    Bruce Meyer Guest

    I am locking down switchports throughout our enterprise.
    I have read many articles on Configuring the Secure MAC Address Aging
    Type on a Port, but am at a complete loss for WHAT aging actually is.
    Currently I am leaving it disabled, as though I have found lots of
    articles on how to configure it, I don't know what it is, or why I
    want to, or don't want to, use it.
    Could someone explain it for me please? (No plain English!) :)

    My goal is to lock down ports for the currently connected port, so if
    my wild guess is correct, I won't be using aging anyway.

    Thanks for any help folks.

    Bruce D. Meyer
    Bruce Meyer, Aug 14, 2007

  2. Bruce Meyer

    Trendkill Guest

    While I don't know the specific context w/ security, aging is the
    timeout period of MAC addresses in the switch's CAM/MAC table.
    Basically, the CAM table junctions what MACs are on what ports, and
    tells the switch where things need to be forwarded at level 2. If the
    aging table is set high, and a person unplugs a server and plugs
    something in that just listens (if it sends any frames, the switch
    will update the CAM table with the new MAC off the source of the
    frame), then it can potentially 'sniff' traffic that was destined for
    the previous station. Just because it is unplugged doesn't mean the
    CAM table ages out; it is usually set by CAM and ARP aging on the
    switches and routers. ARP aging is the same, but it junctions IP to
    MAC. While it isn't cake to spoof a MAC, it is possible.
    Trendkill, Aug 14, 2007

  3. Bruce Meyer

    Trendkill Guest

    Here is the config guide on it, looks like it sets the aging time of
    secure MACs, playing off of what I said above:

    Trendkill, Aug 14, 2007
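
Added example, not part of the original thread and not Cisco code: a simplified Python model of one port's secure MAC table, showing what the aging timer changes for the lock-down goal in the question. The class and function names are hypothetical, the traffic is constructed, and a violation is only reported here, not acted on.

```python
# Simplified model of one switchport's secure MAC table (added example,
# not Cisco code). Times are in minutes; all names are hypothetical.

class SecurePort:
    def __init__(self, maximum=1, aging_time=0, aging_type="absolute"):
        if aging_type not in ("absolute", "inactivity"):
            raise ValueError("aging_type must be 'absolute' or 'inactivity'")
        self.maximum = maximum
        self.aging_time = aging_time      # 0 means aging is disabled
        self.aging_type = aging_type
        self.table = {}                   # mac -> [learned_at, last_seen]

    def _age_out(self, now):
        """Drop secure addresses whose timer has run out."""
        if self.aging_time == 0:
            return
        idx = 0 if self.aging_type == "absolute" else 1
        for mac in [m for m, t in self.table.items()
                    if now - t[idx] >= self.aging_time]:
            del self.table[mac]

    def frame(self, src_mac, now):
        """Process one ingress frame; return 'forward' or 'violation'."""
        self._age_out(now)
        if src_mac in self.table:
            self.table[src_mac][1] = now  # refresh the inactivity timer
            return "forward"
        if len(self.table) < self.maximum:
            self.table[src_mac] = [now, now]
            return "forward"
        return "violation"


def replay(port, frames):
    """Feed constructed (minute, mac) pairs to a port, collect verdicts."""
    return [port.frame(mac, minute) for minute, mac in frames]


# Constructed traffic: host A talks at minutes 0..4, then a second
# device B shows up on the same port at minute 6 and again at minute 20.
A, B = "00:00:5e:00:53:0a", "00:00:5e:00:53:0b"
FRAMES = [(0, A), (2, A), (4, A), (6, B), (20, B)]

if __name__ == "__main__":
    for kwargs in ({}, {"aging_time": 5},
                   {"aging_time": 5, "aging_type": "inactivity"}):
        print(kwargs, replay(SecurePort(**kwargs), FRAMES))
```

With aging disabled the second device is rejected for as long as the entry exists; absolute aging admits it once the timer lapses even though the first host was still active, and inactivity aging admits it only after the first host has been silent for the full period.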
  4. Bruce Meyer

    Bruce Meyer Guest

    Bruce Meyer, Sep 3, 2007
