Boson ICND2 Exam Question

doctorlexus Member Posts: 217
Going through the Boson exams, and one of the questions in a simlet has me confused. After inspecting the configuration of a switch, it asks which of a series of statements are true. In the switch configuration, port Fa0/2 has switchport port-security entered in the running config with no other options. Under show ip interface brief, Fa0/2 shows as down on both Status and Protocol.

I picked the answer that says no host will be able to send traffic into port Fa0/2 (because of the port being down). But Boson says the answer is only the first host that sends traffic into Fa0/2 will be authorized (because of the switchport port-security).

Doesn't the down status trump port security? Or am I completely oblivious, and sending a packet into the switch will somehow cause the port status to go active?

Comments

  • DPG Member Posts: 780
    If you only configure port-security the default behavior is to allow the first MAC address that the interface learns.
  • TechGuru80 Member Posts: 1,539
    Sounds like the question is asking in the scenario somebody plugs in a device.
  • doctorlexus Member Posts: 217
    DPG wrote: »
    If you only configure port-security the default behavior is to allow the first MAC address that the interface learns.

    How will the interface learn anything in the down state?
    TechGuru80 wrote: »
    Sounds like the question is asking in the scenario somebody plugs in a device.

    Will plugging in a device move the port out of the down state? I thought you had to explicitly go into interface configuration mode and enter the no shutdown command.
  • OctalDump Member Posts: 1,722
    This is why having a lab is really useful. You can just set up a similar config and see what happens. Cisco isn't going to be asking questions about what Boson thinks, it's going to be asking questions about how their gear works. So if you can see and then understand what's going on with actual gear, then that will both answer the question and give you some extra experience.
    2017 Goals - Something Cisco, Something Linux, Agile PM
  • doctorlexus Member Posts: 217
    OctalDump wrote: »
    This is why having a lab is really useful. You can just set up a similar config and see what happens. Cisco isn't going to be asking questions about what Boson thinks, it's going to be asking questions about how their gear works. So if you can see and then understand what's going on with actual gear, then that will both answer the question and give you some extra experience.

    Fair enough. Unfortunately, I don't have any real Cisco gear. I'd still like to understand this question, and why the fact that the interface is down apparently doesn't matter.
  • GDaines Member Posts: 273
    Will plugging in a device move the port out of the down state? I thought you had to explicitly go into interface configuration mode and enter the no shutdown command.

    Yes to the question - down means there's nothing plugged in, administratively down means there's something plugged in but the port is in the down/off state, either because the 'shutdown' command was issued, or most likely because port security settings shut the port down when an unauthorised device tried to access it. In the latter case you need to issue a 'shutdown' command and then a 'no shutdown' command (I've no idea why you can't just 'no shutdown' the already shutdown port, but all the training resources I've used say you need to 'shutdown' first).

    I can fully appreciate why you chose the answer you did as it seems logical that no traffic will be able to traverse a 'shutdown' port so the question was perhaps at best a little ambiguous.
  • doctorlexus Member Posts: 217
    GDaines wrote: »
    Yes to the question - down means there's nothing plugged in, administratively down means there's something plugged in but the port is in the down/off state, either because the 'shutdown' command was issued, or most likely because port security settings shut the port down when an unauthorised device tried to access it. In the latter case you need to issue a 'shutdown' command and then a 'no shutdown' command (I've no idea why you can't just 'no shutdown' the already shutdown port, but all the training resources I've used say you need to 'shutdown' first).

    Thanks much. Now the exam question makes sense, if just plugging a cable in will bring it out of the down state.
  • TechGuru80 Member Posts: 1,539
    Beat me to it...but yeah admin down is different than just down. When port security shuts the port down it will show err disabled.
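
Added example, not part of the thread and not Boson's or Cisco's code: a Python script that separates the port states discussed above (no link, administratively down, err-disabled) and resolves the effective port-security settings when only `switchport port-security` is configured. The sample output and config are constructed; the status-line wording is assumed to be what a Catalyst switch prints for `show interfaces`, and the defaults used are the IOS ones (maximum 1, violation shutdown).

```python
import re

# Constructed sample: first line of `show interfaces` for four ports.
SHOW_INTERFACES = """\
FastEthernet0/1 is up, line protocol is up (connected)
FastEthernet0/2 is down, line protocol is down (notconnect)
FastEthernet0/3 is administratively down, line protocol is down (disabled)
FastEthernet0/4 is down, line protocol is down (err-disabled)
"""

# Constructed running-config excerpt; Fa0/2 mirrors the port in the question.
RUNNING_CONFIG = """\
interface FastEthernet0/2
 switchport mode access
 switchport port-security
!
interface FastEthernet0/4
 switchport port-security
 switchport port-security maximum 2
 switchport port-security violation restrict
"""

HEADER = re.compile(r"^(\S+) is (administratively down|down|up), "
                    r"line protocol is (?:up|down)(?: \(([\w-]+)\))?", re.M)
DEFAULTS = {"maximum": 1, "violation": "shutdown"}  # IOS port-security defaults

def port_states(show_interfaces):  # interface -> no-link/admin-down/err-disabled/up
    states = {}
    for name, status, reason in HEADER.findall(show_interfaces):
        if status == "administratively down":
            states[name] = "admin-down"    # `shutdown` is configured
        elif reason == "err-disabled":
            states[name] = "err-disabled"  # shut by the switch, e.g. a violation
        else:
            states[name] = "no-link" if status == "down" else "up"
    return states

def port_security(running_config):  # effective settings for secured ports only
    enabled, opts, current = set(), {}, None
    for words in (line.split() for line in running_config.splitlines()):
        if len(words) == 2 and words[0] == "interface":
            current = words[1]
        elif current and words[:2] == ["switchport", "port-security"]:
            if len(words) == 2:
                enabled.add(current)       # bare command turns the feature on
            elif len(words) == 4 and words[2] in DEFAULTS:
                value = int(words[3]) if words[2] == "maximum" else words[3]
                opts.setdefault(current, {})[words[2]] = value
    return {port: {**DEFAULTS, **opts.get(port, {})} for port in enabled}
```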