Answer wrong? Switchport question

You want to implement port security in your company to protect against unauthorized network
access. After logging in to the switch, you enter the following commands:
Switch(config)#interface range fa0/1-20
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport port-security
Switch(config-if-range)#switchport port-security maximum 1
Switch(config-if-range)#switchport port-security mac-address sticky
Switch(config-if-range)#switchport port-security violation shutdown

What does this configuration accomplish?

1. >>Port security is enabled, and ports are limited to a maximum of one violation per port. The
first MAC address to transmit data on the port will be the only MAC address allowed. After a
second violation has occurred, the interface will shut down.

2. Port security is not enabled because the syntax "switchport port-security on" was not used.
All other port-security commands will not take effect until this command is entered.

3. Port security is enabled, and ports are limited to a maximum of one MAC address each. The
first MAC address to transmit data on the port will be the only MAC address allowed. Any other
MAC addresses will cause the interface to enter an err-disabled state. <Correct>

4. Port security is enabled, and the port is limited to an access port, which can only be used
between switches. Only one upstream switch is allowed to connect to the port. All MAC addresses
learned on the port will "stick" to the interface. If more than one upstream switch is attached,
the port will shut down.

Why 3? Seems wrong to me, because of Any other MAC addresses will cause the interface to enter an err-disabled state.

1 seems right.

Find more posts tagged with

SAVE $250 on Your CISCO Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View CISCO Boot Camps

Comments

deronadd

In my opinion three is absolutely correct...from the first sentence you could tell 1 was off. The maximum statement determines the maximum number of mac-address the port will learn and not the maximum number of violations. Hope this helps you out...

Here is a good link you should read:

Port Security - Packet Life

krjay

Switch(config-if-range)#switchport port-security - Port security is enabled

Switch(config-if-range)#switchport port-security maximum 1 - ports are limited to a maximum of one MAC address each.

Switch(config-if-range)#switchport port-security mac-address sticky - The
first MAC address to transmit data on the port will be the only MAC address allowed

Switch(config-if-range)#switchport port-security violation shutdown - Any other
MAC addresses will cause the interface to enter an err-disabled state.

I attached each part of answer 3 to the corresponding command, helps make it a little more clear.

The main thing that sticks out in answer 1 is 'After a second violation has occurred, the interface will shut down'. This isn't correct, the ports will shut down after the first violation.

binaryhat

The main thing that sticks out in answer 1 is 'After a second violation has occurred, the interface will shut down'. This isn't correct, the ports will shut down after the first violation.

Ahhh that's what I missed...need to read more carefully!!!!

d4nz1g

Be careful with that...The CCNA test is all about paying attention to the question.

Donnelly82

@ binaryhat, what website are you using for test questions??

veritas_libertas

That must be a Boson question. They LOVE to mess with your head. You have to read them carefully or your will end up doing a lot of facepalming (not sure if that is a word...)

binaryhat

MeasureUp question...

Also I was thrown off by

Any other MAC addresses will cause the interface to enter an err-disabled state

theodoxa

veritas_libertas wrote: »

That must be a Boson question. They LOVE to mess with your head. You have to read them carefully or your will end up doing a lot of facepalming (not sure if that is a word...)

Strangely, the Pearson [that comes with Odom's book] screws me up the worst. I took it twice and both times came up just short of passing, and it wasn't because I didn't know the material. Most of the questions I got wrong were the result of misreading/misunderstanding the question or not paying close enough attention. I bought the Boson test and took it last night and scored 901 on my first try, though I did notice they tried to screw with you with the prompts. That is, they would have an answer with the right commands let's say, but the wrong mode (e.g. trying to enter rip commands in global config mode).

BTW, the Pearson test only uses questions, no Sims or Simlets. The Boson contained Simulations and Simlets in addition to the multiple choice questions, which I really liked.

mrbighead

Just some advice from someone who is an excellent test taker but hasn't actually taken this one yet. I always try to tell myself why each other answer is wrong before moving on to the next. I hear this test is short on time, but it is something you consider.

ralbertos21

it's 3.
- you're being told in the very beginning you have more than 1 Mr.ports you want to configure...would you rather go one by one by one by one or just with one command?
-remember max 1 (so Mr.Port I has one MAC ADDRESS I Lady Mr. port I likes only)
-now let's say Ms. Mac ADDRESS X goes up randomly to Mr. port I and he turns her down..." NO, i belong to MAC ADDRESS I and I only!!" so there's your violation because she wants access to an already taken Mr. port ...

THE END.