Port security question

jscimeca715 Member Posts: 280
I'm reviewing for my ICND1 exam (THIS FRIDAY!!!!!!) and have a question about port-security. If an interface is configured with the "switchport port-security violation protect" command, does broadcast traffic still get forwarded? Wendell Odom's book mentions that in protect mode the traffic is discarded but the interface stays up, but it doesn't make it very clear what happens to broadcast (or any, for that matter) traffic.

Any help would be appreciated.

Comments

  • wbosher Member Posts: 422
    From what I understand, nothing gets through that switchport from the offending device plugged into that port until reset.
  • Mrock4 Banned Posts: 2,359
    In protect, the port will stay up, but no packets will pass from violating addresses, and no traps or syslog messages are sent, unlike restrict mode.

    Restrict mode will do the same, but send traps and syslog...shutdown will shut it down, and where it goes from there depends on if you've configured automatic recovery from errdisable conditions.
  • jscimeca715 Member Posts: 280
    Mrock4 wrote: »
    In protect, the port will stay up, but no packets will pass from violating addresses, and no traps or syslog messages are sent, unlike restrict mode.

    Restrict mode will do the same, but send traps and syslog...shutdown will shut it down, and where it goes from there depends on if you've configured automatic recovery from errdisable conditions.

    Thanks Mrock, but to clarify. Will frames pass to the violating address?
  • Mrock4 Banned Posts: 2,359
    To be honest, I can't say this with 100% certainty, but I'm going to say that nothing at all gets sent to the violating device. It would seem to be counter-productive to drop packets/frames that come in, but to send them to that device. I looked for some more definitive information but I really just don't have it. There's no need for the switch to send any frames to the device anyway... not until it sees a MAC it likes, at least.
  • jscimeca715 Member Posts: 280
    Mrock4 wrote: »
    To be honest, I can't say this with 100% certainty, but I'm going to say that nothing at all gets sent to the violating device. It would seem to be counter-productive to drop packets/frames that come in, but to send them to that device. I looked for some more definitive information but I really just don't have it. There's no need for the switch to send any frames to the device anyway... not until it sees a MAC it likes, at least.

    After posting, I started to think like you did. There would be no benefit in receiving any frames because it would block the response frame. I appreciate your help!
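The three violation modes Mrock4 describes, and the "what reaches the violating device" question above, as an added simulation that is not part of the thread and not Cisco code. Port security is an ingress check on the source MAC of each frame: once the port has learned its configured maximum, a frame from any other source MAC is a violation and is handled per the mode. Protect drops it silently; restrict drops it, increments the violation counter, and sends a trap and syslog message; shutdown additionally err-disables the port. Port security does not filter egress, so a port left up in protect or restrict mode still transmits whatever the switch forwards out of it, flooded broadcasts included; only the err-disabled port stops sending. The MAC addresses, port name and scenario are constructed for the example; the matching IOS commands are shown in comments.

```python
"""Model of Cisco port-security violation modes on one access port.

Added example, not code from the forum thread or from Cisco. The class and
function names are this example's own; the IOS commands in comments are the
real configuration each field corresponds to.
"""
from dataclasses import dataclass, field

BROADCAST = "ffff.ffff.ffff"


@dataclass
class Frame:
    src: str
    dst: str


@dataclass
class SecurePort:
    name: str
    maximum: int = 1              # switchport port-security maximum 1
    violation: str = "shutdown"   # switchport port-security violation {protect|restrict|shutdown}
    secure_macs: set = field(default_factory=set)
    err_disabled: bool = False
    violation_count: int = 0
    syslog: list = field(default_factory=list)

    def ingress(self, frame: Frame) -> bool:
        """Port-security check on a received frame; True means it is forwarded."""
        if self.err_disabled:
            return False                      # err-disabled port passes nothing either way
        if frame.src in self.secure_macs:
            return True                       # frames from secure MACs keep flowing in every mode
        if len(self.secure_macs) < self.maximum:
            self.secure_macs.add(frame.src)   # dynamic/sticky learning up to the maximum
            return True
        return self._violate(frame)

    def _violate(self, frame: Frame) -> bool:
        if self.violation == "protect":
            return False                      # dropped; no counter, no trap, no syslog
        if self.violation == "restrict":
            self.violation_count += 1         # counter + SNMP trap + syslog, port stays up
            self.syslog.append(
                f"%PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, "
                f"caused by MAC address {frame.src} on port {self.name}.")
            return False
        if self.violation == "shutdown":
            self.violation_count += 1         # counter + trap + syslog, then err-disable
            self.err_disabled = True
            self.syslog.append(
                f"%PM-4-ERR_DISABLE: psecure-violation error detected on {self.name}, "
                f"putting {self.name} in err-disable state")
            return False
        raise ValueError(f"unknown violation mode {self.violation!r}")

    def transmits(self) -> bool:
        """Port security never filters egress; only an err-disabled port stops sending."""
        return not self.err_disabled

    def recover(self) -> None:
        """errdisable recovery cause psecure-violation (or shutdown / no shutdown by hand)."""
        self.err_disabled = False


def run_scenario(mode: str) -> dict:
    """One authorised host, then a second (violating) MAC on the same port."""
    port = SecurePort("FastEthernet0/1", maximum=1, violation=mode)
    authorised, violator = "0011.2233.4455", "0066.7788.99aa"   # constructed addresses
    result = {}
    result["authorised_learned"] = port.ingress(Frame(authorised, BROADCAST))
    result["violator_dropped"] = not port.ingress(Frame(violator, BROADCAST))
    result["authorised_still_passes"] = port.ingress(Frame(authorised, BROADCAST))
    result["err_disabled"] = port.err_disabled
    result["violations"] = port.violation_count
    result["syslog_messages"] = len(port.syslog)
    result["port_transmits"] = port.transmits()   # broadcasts flooded out the port still leave it
    return result


if __name__ == "__main__":
    for mode in ("protect", "restrict", "shutdown"):
        print(mode, run_scenario(mode))
```

The shutdown run shows why the err-disable recovery setting matters: once `err_disabled` is set, even the authorised host is cut off until `recover()` (the `errdisable recovery` timer or a manual shutdown / no shutdown) runs.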