Information
Normally, a port disabled by the port security feature must be re-enabled manually; the auto-recovery feature allows the switch to automatically re-enable a disabled port after a specified disable timer has elapsed. The timer can be set between 1 and 300 seconds; setting it to 0 disables the timer.
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
To enable auto-recovery on a port, port security must be enabled by setting the MAC address learning mode to any mode other than continuous. Disabling port security by using the no port-security <port> command also clears the disable timer setting.
The following command enables auto-recovery on port 2 with a 30-second disable timer:
switch(config)# port-security 2 disable-timer 30