Port Security Questions 2

November 14th, 2017

Question 1

Question 2

Explanation

In fact, both “protect” and “restrict” modes allow traffic with a valid MAC address to pass, so this question is not good. This is a quote from Cisco for these two modes:

protect: drops packets with unknown source addresses until you remove a sufficient number of secure MAC addresses to drop below the maximum value.

restrict: drops packets with unknown source addresses until you remove a sufficient number of secure MAC addresses to drop below the maximum value and causes the SecurityViolation counter to increment.

Reference: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/port_sec.pdf

Therefore the only difference between these two modes is that “restrict” mode causes the SecurityViolation counter to increment (only useful for statistics).
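The behaviour quoted above, modelled as an added Python example (not Cisco code and not part of the original page). The class, function names and sample MAC addresses are constructed, and learning source addresses dynamically until the maximum is reached is an assumption of the model.

```python
from dataclasses import dataclass, field

# Constructed sample traffic: source MAC of each frame arriving on the port.
SAMPLE_FRAMES = ["0000.0000.000a", "0000.0000.000b", "0000.0000.000c",
                 "0000.0000.000a", "0000.0000.000c"]


@dataclass
class SecurePort:
    """Toy model of one port in protect or restrict mode (hypothetical)."""
    mode: str                                  # "protect" or "restrict"
    maximum: int = 1                           # maximum secure MAC addresses
    secure_macs: set = field(default_factory=set)
    violation_count: int = 0                   # stands in for SecurityViolation

    def __post_init__(self):
        if self.mode not in ("protect", "restrict"):
            raise ValueError("model covers protect and restrict only")

    def receive(self, src_mac: str) -> bool:
        """Return True if the frame is forwarded, False if it is dropped."""
        if src_mac in self.secure_macs:
            return True                        # secure address: passes in both modes
        if len(self.secure_macs) < self.maximum:
            self.secure_macs.add(src_mac)      # below the maximum: learn and forward
            return True
        if self.mode == "restrict":
            self.violation_count += 1          # the only difference from protect
        return False                           # unknown source: dropped in both modes

    def remove(self, mac: str) -> None:
        """Remove a secure address, dropping the table below the maximum."""
        self.secure_macs.discard(mac)


def replay(mode: str, frames, maximum: int = 2):
    """Feed frames to a fresh port; return (forwarded flags, violation count)."""
    port = SecurePort(mode=mode, maximum=maximum)
    return [port.receive(mac) for mac in frames], port.violation_count


if __name__ == "__main__":
    for mode in ("protect", "restrict"):
        forwarded, violations = replay(mode, SAMPLE_FRAMES)
        print(f"{mode:8} forwarded={forwarded} violations={violations}")
```

Both modes produce the same forwarding decisions for every frame; only the counter differs.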

Question 3

Question 4

Explanation

The full command is “switchport port-security mac-address sticky”, but Cisco commands can be abbreviated.

Comments (3)
  1. lots of issues with answers in this section
    February 1st, 2018

    Q1- restrict and shutdown both increase violation counters.
    so answer is C as well as D
    Q2- all 4 modes don't allow traffic to pass so all the 4 options are correct

  2. lots of issues with answers in this section
    February 1st, 2018

    If you search for tabular columns and on the Udemy site, every trainer has mentioned that none of the violation modes forwards traffic. The only differences lie in sending SNMP traps, logging messages and port violation counter, and shutting down the port or not.

  3. Charice :)
    March 27th, 2018

    Hi who recently wrote this exam?
