Answer wrong? Switchport question

in CCNA & CCENT
You want to implement port security in your company to protect against unauthorized network
access. After logging in to the switch, you enter the following commands:
Switch(config)#interface range fa0/1-20
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport port-security
Switch(config-if-range)#switchport port-security maximum 1
Switch(config-if-range)#switchport port-security mac-address sticky
Switch(config-if-range)#switchport port-security violation shutdown
What does this configuration accomplish?
1. >>Port security is enabled, and ports are limited to a maximum of one violation per port. The
first MAC address to transmit data on the port will be the only MAC address allowed. After a
second violation has occurred, the interface will shut down.
2. Port security is not enabled because the syntax "switchport port-security on" was not used.
All other port-security commands will not take effect until this command is entered.
3. Port security is enabled, and ports are limited to a maximum of one MAC address each. The
first MAC address to transmit data on the port will be the only MAC address allowed. Any other
MAC addresses will cause the interface to enter an err-disabled state. <Correct>
4. Port security is enabled, and the port is limited to an access port, which can only be used
between switches. Only one upstream switch is allowed to connect to the port. All MAC addresses
learned on the port will "stick" to the interface. If more than one upstream switch is attached,
the port will shut down.
Why 3? Seems wrong to me, because of "Any other MAC addresses will cause the interface to enter an err-disabled state."
1 seems right.
Currently working on:
ICND1 - TBD
Book: CCENT/CCNA ICND1 100-101 Official Cert Guide
Equipment: Packet Tracer, GNS3
Supplement Material: Youtube, Google, Boson ExamSim-Max, CBTNuggets
Comments
Here is a good link you should read:
Port Security - Packet Life
Switch(config-if-range)#switchport port-security maximum 1 - ports are limited to a maximum of one MAC address each.
Switch(config-if-range)#switchport port-security mac-address sticky - The first MAC address to transmit data on the port will be the only MAC address allowed
Switch(config-if-range)#switchport port-security violation shutdown - Any other MAC addresses will cause the interface to enter an err-disabled state.
I attached each part of answer 3 to the corresponding command, helps make it a little more clear.
The main thing that sticks out in answer 1 is 'After a second violation has occurred, the interface will shut down'. This isn't correct, the ports will shut down after the first violation.
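The behaviour described in the reply above, as an added example that is not part of the original thread: a simplified Python model of one port under this configuration. The class and function names and the MAC addresses are constructed for illustration; the model also covers the restrict and protect violation modes, which go beyond what the thread discusses.

```python
# Added illustration: a simplified model of Cisco port security on one access port.
# It is not IOS code; the class, method and function names are hypothetical.
from dataclasses import dataclass, field


@dataclass
class SecurePort:
    maximum: int = 1              # switchport port-security maximum 1
    sticky: bool = True           # switchport port-security mac-address sticky
    violation: str = "shutdown"   # switchport port-security violation shutdown
    secure_macs: list = field(default_factory=list)
    violations: int = 0
    state: str = "up"

    def receive(self, src_mac: str) -> str:
        """Process one frame's source MAC and return what the port does with it."""
        if self.state == "err-disabled":
            return "dropped (port err-disabled)"
        if src_mac in self.secure_macs:
            return "forwarded"
        if len(self.secure_macs) < self.maximum:
            self.secure_macs.append(src_mac)      # room left: learn the address
            return "learned+forwarded"
        # Table is full and the source is unknown: this is a violation.
        if self.violation == "protect":
            return "dropped"                      # silent drop, counter untouched
        self.violations += 1
        if self.violation == "restrict":
            return "dropped (violation counted)"
        self.state = "err-disabled"               # shutdown acts on the first violation
        return "dropped (port err-disabled)"

    def sticky_lines(self) -> list:
        """Lines that sticky learning adds to the running config for this port."""
        return [f"switchport port-security mac-address sticky {m}" for m in self.secure_macs] if self.sticky else []


def replay(port: SecurePort, macs: list) -> list:
    """Feed a sequence of source MACs (constructed sample data) through the port."""
    return [port.receive(m) for m in macs]


# Constructed sample traffic: the PC, then an unknown device, then the PC again.
FRAMES = ["0000.1111.aaaa", "0000.2222.bbbb", "0000.1111.aaaa"]

if __name__ == "__main__":
    for mode in ("shutdown", "restrict", "protect"):
        p = SecurePort(violation=mode)
        print(mode, replay(p, FRAMES), p.state, p.violations)
```

In shutdown mode the third frame, from the originally learned MAC, is dropped as well, because the port stays err-disabled until it is recovered.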
Ahhh that's what I missed...need to read more carefully!!!!
Also I was thrown off by
Strangely, the Pearson [that comes with Odom's book] screws me up the worst. I took it twice and both times came up just short of passing, and it wasn't because I didn't know the material. Most of the questions I got wrong were the result of misreading/misunderstanding the question or not paying close enough attention. I bought the Boson test and took it last night and scored 901 on my first try, though I did notice they tried to screw with you with the prompts. That is, they would have an answer with the right commands let's say, but the wrong mode (e.g. trying to enter rip commands in global config mode).
BTW, the Pearson test only uses questions, no Sims or Simlets. The Boson contained Simulations and Simlets in addition to the multiple choice questions, which I really liked.
Security: CCNA [ ]
Virtualization: VCA-DCV [ ]
- You're being told in the very beginning you have more than 1 Mr. ports you want to configure... would you rather go one by one by one by one or just with one command?
- Remember max 1 (so Mr. Port I has one MAC ADDRESS I Lady Mr. port I likes only)
- Now let's say Ms. MAC ADDRESS X goes up randomly to Mr. port I and he turns her down... "NO, I belong to MAC ADDRESS I and I only!!" So there's your violation because she wants access to an already taken Mr. port...
THE END.