Boson ICND2 Exam Question

Going through the Boson exams, and one of the questions in a simlet has me confused. After inspecting the configuration of a switch, it asks which of a series of statements are true. In the switch configuration, port Fa0/2 has switchport port-security entered in the running config with no other options. Under show ip interface brief, Fa0/2 shows as down on both Status and Protocol.

I picked the answer that says no host will be able to send traffic into port Fa0/2 (because of the port being down). But Boson says the answer is only the first host that sends traffic into Fa0/2 will be authorized (because of the switchport port-security).

Doesn't the down status trump port security? Or am I completely oblivious, and sending a packet into the switch will somehow cause the port status to go active?

Find more posts tagged with

Comments

DPG

If you only configure port-security the default behavior is to allow the first MAC address that the interface learns.

TechGuru80

Sounds like the question is asking in the scenario somebody plugs in a device.

doctorlexus

DPG wrote: »

If you only configure port-security the default behavior is to allow the first MAC address that the interface learns.

How will the interface learn anything in the down state?

TechGuru80 wrote: »

Sounds like the question is asking in the scenario somebody plugs in a device.

Will plugging in a device move the port out of the down state? I thought you had to explicitly go into interface configuration mode and enter the no shutdown command.

OctalDump

This is why having a lab is really useful. You can just set up a similar config and see what happens. Cisco isn't going to be asking questions about what Boson thinks, it's going to be asking questions about how their gear works. So if you can see and then understand what's going on with actual gear, then that will both answer the question and give you some extra experience.

doctorlexus

OctalDump wrote: »

This is why having a lab is really useful. You can just set up a similar config and see what happens. Cisco isn't going to be asking questions about what Boson thinks, it's going to be asking questions about how their gear works. So if you can see and then understand what's going on with actual gear, then that will both answer the question and give you some extra experience.

Fair enough. Unfortunately, I don't have any real Cisco gear. I'd still like to understand this question, and why the fact that the interface is down apparently doesn't matter.

GDaines

doctorlexus wrote: »

Will plugging in a device move the port out of the down state? I thought you had to explicitly go into interface configuration mode and enter the no shutdown command.

Yes to the question - down means there's nothing plugged in, administratively down means there's something plugged in but the port is in the down/off state, either because the 'shutdown' command was issued, or most likely because port security settings shut the port down when an unauthorised device tried to access it. In the latter case you need to issue a 'shutdown' command and then a 'no shutdown' command (I've no idea why you can't just 'no shutdown' the already shutdown port, but all the training resources I've used say you need to 'shutdown' first).

I can fully appreciate why you chose the answer you did as it seems logical that no traffic will be able to traverse a 'shutdown' port so the question was perhaps at best a little ambiguous.

doctorlexus

GDaines wrote: »

Yes to the question - down means there's nothing plugged in, administratively down means there's something plugged in but the port is in the down/off state, either because the 'shutdown' command was issued, or most likely because port security settings shut the port down when an unauthorised device tried to access it. In the latter case you need to issue a 'shutdown' command and then a 'no shutdown' command (I've no idea why you can't just 'no shutdown' the already shutdown port, but all the training resources I've used say you need to 'shutdown' first).

Thanks much. Now the exam question makes sense, if just plugging a cable in will bring it out of the down state.

TechGuru80

Beat me to it...but yeah admin down is different than just down. When port security shuts the port down it will show err disabled.