Answer wrong? Switchport question

binaryhat Posts: 129 Member
You want to implement port security in your company to protect against unauthorized network
access. After logging in to the switch, you enter the following commands:
Switch(config)#interface range fa0/1-20
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport port-security
Switch(config-if-range)#switchport port-security maximum 1
Switch(config-if-range)#switchport port-security mac-address sticky
Switch(config-if-range)#switchport port-security violation shutdown

What does this configuration accomplish?


1. >>Port security is enabled, and ports are limited to a maximum of one violation per port. The
first MAC address to transmit data on the port will be the only MAC address allowed. After a
second violation has occurred, the interface will shut down.

2. Port security is not enabled because the syntax "switchport port-security on" was not used.
All other port-security commands will not take effect until this command is entered.

3. Port security is enabled, and ports are limited to a maximum of one MAC address each. The
first MAC address to transmit data on the port will be the only MAC address allowed. Any other
MAC addresses will cause the interface to enter an err-disabled state. <Correct>

4. Port security is enabled, and the port is limited to an access port, which can only be used
between switches. Only one upstream switch is allowed to connect to the port. All MAC addresses
learned on the port will "stick" to the interface. If more than one upstream switch is attached,
the port will shut down.

Why 3? Seems wrong to me, because of "Any other MAC addresses will cause the interface to enter an err-disabled state."

1 seems right.
Currently working on:
ICND1 - TBD
Book: CCENT/CCNA ICND1 100-101 Official Cert Guide
Equipment: Packet Tracer, GNS3
Supplement Material: Youtube, Google, Boson ExamSim-Max, CBTNuggets

Comments

  • deronadd Posts: 5 Member
    In my opinion three is absolutely correct... from the first sentence you could tell 1 was off. The maximum statement determines the maximum number of MAC addresses the port will learn and not the maximum number of violations. Hope this helps you out...

    Here is a good link you should read:

    Port Security - Packet Life
  • krjay Posts: 290 Member
    Switch(config-if-range)#switchport port-security - Port security is enabled

    Switch(config-if-range)#switchport port-security maximum 1 - ports are limited to a maximum of one MAC address each.

    Switch(config-if-range)#switchport port-security mac-address sticky - The
    first MAC address to transmit data on the port will be the only MAC address allowed

    Switch(config-if-range)#switchport port-security violation shutdown - Any other
    MAC addresses will cause the interface to enter an err-disabled state.

    I attached each part of answer 3 to the corresponding command, helps make it a little more clear.

    The main thing that sticks out in answer 1 is 'After a second violation has occurred, the interface will shut down'. This isn't correct, the ports will shut down after the first violation.
    2014 Certification Goals: 70-410 [ ] CCNA:S [ ] Linux+ [ ]
  • binaryhat Posts: 129 Member
    "The main thing that sticks out in answer 1 is 'After a second violation has occurred, the interface will shut down'. This isn't correct, the ports will shut down after the first violation."

    Ahhh that's what I missed...need to read more carefully!!!!
  • d4nz1g Posts: 464 Member
    Be careful with that...The CCNA test is all about paying attention to the question.
  • Donnelly82 Posts: 38 Member
    @ binaryhat, what website are you using for test questions??
  • veritas_libertas Audentis Fortuna Iuvat Greenville, SC USA Posts: 5,733 Member
    That must be a Boson question. They LOVE to mess with your head. You have to read them carefully or you will end up doing a lot of facepalming (not sure if that is a word...) :)
    Currently working on: Linux and Python
  • binaryhat Posts: 129 Member
    MeasureUp question...

    Also I was thrown off by
    "Any other MAC addresses will cause the interface to enter an err-disabled state"
  • theodoxa Posts: 1,340 Member
    "That must be a Boson question. They LOVE to mess with your head. You have to read them carefully or you will end up doing a lot of facepalming (not sure if that is a word...) :)"

    Strangely, the Pearson [that comes with Odom's book] screws me up the worst. I took it twice and both times came up just short of passing, and it wasn't because I didn't know the material. Most of the questions I got wrong were the result of misreading/misunderstanding the question or not paying close enough attention. I bought the Boson test and took it last night and scored 901 on my first try, though I did notice they tried to screw with you with the prompts. That is, they would have an answer with the right commands let's say, but the wrong mode (e.g. trying to enter rip commands in global config mode).

    BTW, the Pearson test only uses questions, no Sims or Simlets. The Boson contained Simulations and Simlets in addition to the multiple choice questions, which I really liked.
    R&S: CCENT CCNA CCNP CCIE [ ]
    Security: CCNA [ ]
    Virtualization: VCA-DCV [ ]
  • mrbighead Posts: 3 Registered Users
    Just some advice from someone who is an excellent test taker but hasn't actually taken this one yet. I always try to tell myself why each other answer is wrong before moving on to the next. I hear this test is short on time, but it is something you consider.
  • ralbertos21 Posts: 27 Member
    It's 3.
    - You're being told in the very beginning you have more than 1 Mr. ports you want to configure... would you rather go one by one by one by one or just with one command?
    - Remember max 1 (so Mr. Port I has one MAC ADDRESS I Lady Mr. port I likes only)
    - Now let's say Ms. MAC ADDRESS X goes up randomly to Mr. port I and he turns her down... "NO, I belong to MAC ADDRESS I and I only!!" so there's your violation because she wants access to an already taken Mr. port...



    THE END.
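
Added example, not part of any post in this thread: a small Python model of the port behaviour the question's commands produce, showing that `maximum 1` counts secure MAC addresses and that the first violating frame err-disables the port. `SecurePort`, `run` and the two sample MAC addresses are hypothetical names and constructed values; the `protect` and `restrict` modes go beyond the thread's `shutdown` configuration and are included for comparison.

```python
from dataclasses import dataclass, field

@dataclass
class SecurePort:
    """Toy model of one access port with port security enabled."""
    maximum: int = 1              # max secure MAC addresses, not max violations
    sticky: bool = True           # keep learned addresses across link down
    violation: str = "shutdown"   # "protect", "restrict" or "shutdown"
    secure_macs: list = field(default_factory=list)
    violation_count: int = 0
    err_disabled: bool = False

    def receive(self, src_mac: str) -> str:
        """Handle one ingress frame; return what the port did with it."""
        mac = src_mac.lower()
        if self.err_disabled:
            return "dropped: port err-disabled"
        if mac in self.secure_macs:
            return "forwarded"
        if len(self.secure_macs) < self.maximum:
            self.secure_macs.append(mac)      # first MAC(s) seen become secure
            return "learned, forwarded"
        if self.violation == "protect":       # silent drop, counter untouched
            return "dropped"
        self.violation_count += 1             # restrict and shutdown both count
        if self.violation == "shutdown":
            self.err_disabled = True          # the first violation is enough
            return "violation: port err-disabled"
        return "violation: dropped"

    def link_down(self) -> None:
        """Non-sticky dynamic entries are cleared when the link drops."""
        if not self.sticky:
            self.secure_macs.clear()

def run(port: SecurePort, frames: list) -> list:
    """Feed a sequence of source MACs to the port and collect the outcomes."""
    return [port.receive(mac) for mac in frames]

# Constructed sample MACs: A is the legitimate host, B is any other device.
A, B = "00:11:22:33:44:55", "66:77:88:99:aa:bb"

if __name__ == "__main__":
    print(run(SecurePort(), [A, A, B, A]))                      # thread's config
    print(run(SecurePort(violation="restrict"), [A, B, B, A]))  # for comparison
```

With the thread's settings, host A is locked out along with B once B's first frame arrives, which is why an err-disabled port needs operator attention before the legitimate device can reconnect.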