Symptom
When port security is enabled with the default aging type, absolute, the port-security static MAC address is removed from the MAC address table one minute after the configured aging time expires.
The default aging time is five minutes, so the MAC address is removed after six minutes.
Conditions
Port security is configured with the default aging type, absolute. The issue is seen on both the 3850 and the 9300 running 16.12.x and 17.3.x releases.
Workaround
There is no workaround for aging type absolute. However, aging type inactivity works as expected.
Further Problem Description
On a port with port security enabled and the default aging type, absolute, the learned MAC address is deleted after 'N+1' minutes when the port-security aging time is set to 'N' minutes.
As a result, every 'N+1' minutes an ingress packet is punted to the CPU for MAC address learning and is consumed by the switch, which causes a packet drop.