Answer wrong? Switchport question
binaryhat
Member Posts: 129
in CCNA & CCENT
You want to implement port security in your company to protect against unauthorized network
access. After logging in to the switch, you enter the following commands:
Switch(config)#interface range fa0/1-20
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport port-security
Switch(config-if-range)#switchport port-security maximum 1
Switch(config-if-range)#switchport port-security mac-address sticky
Switch(config-if-range)#switchport port-security violation shutdown
What does this configuration accomplish?
1. >>Port security is enabled, and ports are limited to a maximum of one violation per port. The
first MAC address to transmit data on the port will be the only MAC address allowed. After a
second violation has occurred, the interface will shut down.
2. Port security is not enabled because the syntax "switchport port-security on" was not used.
All other port-security commands will not take effect until this command is entered.
3. Port security is enabled, and ports are limited to a maximum of one MAC address each. The
first MAC address to transmit data on the port will be the only MAC address allowed. Any other
MAC addresses will cause the interface to enter an err-disabled state. <Correct>
4. Port security is enabled, and the port is limited to an access port, which can only be used
between switches. Only one upstream switch is allowed to connect to the port. All MAC addresses
learned on the port will "stick" to the interface. If more than one upstream switch is attached,
the port will shut down.
Why 3? Seems wrong to me, because of Any other MAC addresses will cause the interface to enter an err-disabled state.
1 seems right.
access. After logging in to the switch, you enter the following commands:
Switch(config)#interface range fa0/1-20
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport port-security
Switch(config-if-range)#switchport port-security maximum 1
Switch(config-if-range)#switchport port-security mac-address sticky
Switch(config-if-range)#switchport port-security violation shutdown
What does this configuration accomplish?
1. >>Port security is enabled, and ports are limited to a maximum of one violation per port. The
first MAC address to transmit data on the port will be the only MAC address allowed. After a
second violation has occurred, the interface will shut down.
2. Port security is not enabled because the syntax "switchport port-security on" was not used.
All other port-security commands will not take effect until this command is entered.
3. Port security is enabled, and ports are limited to a maximum of one MAC address each. The
first MAC address to transmit data on the port will be the only MAC address allowed. Any other
MAC addresses will cause the interface to enter an err-disabled state. <Correct>
4. Port security is enabled, and the port is limited to an access port, which can only be used
between switches. Only one upstream switch is allowed to connect to the port. All MAC addresses
learned on the port will "stick" to the interface. If more than one upstream switch is attached,
the port will shut down.
Why 3? Seems wrong to me, because of Any other MAC addresses will cause the interface to enter an err-disabled state.
1 seems right.
Currently working on:
ICND1 - TBD
Book: CCENT/CCNA ICND1 100-101 Official Cert Guide
Equipment: Packet Tracer, GNS3
Supplement Material: Youtube, Google, Boson ExamSim-Max, CBTNuggets
ICND1 - TBD
Book: CCENT/CCNA ICND1 100-101 Official Cert Guide
Equipment: Packet Tracer, GNS3
Supplement Material: Youtube, Google, Boson ExamSim-Max, CBTNuggets
Comments
-
deronadd Member Posts: 5 ■□□□□□□□□□In my opinion three is absolutely correct...from the first sentence you could tell 1 was off. The maximum statement determines the maximum number of mac-address the port will learn and not the maximum number of violations. Hope this helps you out...
Here is a good link you should read:
Port Security - Packet Life -
krjay Member Posts: 290Switch(config-if-range)#switchport port-security - Port security is enabled
Switch(config-if-range)#switchport port-security maximum 1 - ports are limited to a maximum of one MAC address each.
Switch(config-if-range)#switchport port-security mac-address sticky - The
first MAC address to transmit data on the port will be the only MAC address allowed
Switch(config-if-range)#switchport port-security violation shutdown - Any other
MAC addresses will cause the interface to enter an err-disabled state.
I attached each part of answer 3 to the corresponding command, helps make it a little more clear.
The main thing that sticks out in answer 1 is 'After a second violation has occurred, the interface will shut down'. This isn't correct, the ports will shut down after the first violation.2014 Certification Goals: 70-410 [ ] CCNA:S [ ] Linux+ [ ] -
binaryhat Member Posts: 129The main thing that sticks out in answer 1 is 'After a second violation has occurred, the interface will shut down'. This isn't correct, the ports will shut down after the first violation.
Ahhh that's what I missed...need to read more carefully!!!!Currently working on:
ICND1 - TBD
Book: CCENT/CCNA ICND1 100-101 Official Cert Guide
Equipment: Packet Tracer, GNS3
Supplement Material: Youtube, Google, Boson ExamSim-Max, CBTNuggets -
d4nz1g Member Posts: 464Be careful with that...The CCNA test is all about paying attention to the question.
-
veritas_libertas Member Posts: 5,746 ■■■■■■■■■■That must be a Boson question. They LOVE to mess with your head. You have to read them carefully or your will end up doing a lot of facepalming (not sure if that is a word...)
-
binaryhat Member Posts: 129MeasureUp question...
Also I was thrown off byAny other MAC addresses will cause the interface to enter an err-disabled stateCurrently working on:
ICND1 - TBD
Book: CCENT/CCNA ICND1 100-101 Official Cert Guide
Equipment: Packet Tracer, GNS3
Supplement Material: Youtube, Google, Boson ExamSim-Max, CBTNuggets -
theodoxa Member Posts: 1,340 ■■■■□□□□□□veritas_libertas wrote: »That must be a Boson question. They LOVE to mess with your head. You have to read them carefully or your will end up doing a lot of facepalming (not sure if that is a word...)
Strangely, the Pearson [that comes with Odom's book] screws me up the worst. I took it twice and both times came up just short of passing, and it wasn't because I didn't know the material. Most of the questions I got wrong were the result of misreading/misunderstanding the question or not paying close enough attention. I bought the Boson test and took it last night and scored 901 on my first try, though I did notice they tried to screw with you with the prompts. That is, they would have an answer with the right commands let's say, but the wrong mode (e.g. trying to enter rip commands in global config mode).
BTW, the Pearson test only uses questions, no Sims or Simlets. The Boson contained Simulations and Simlets in addition to the multiple choice questions, which I really liked.R&S: CCENT → CCNA → CCNP → CCIE [ ]
Security: CCNA [ ]
Virtualization: VCA-DCV [ ] -
mrbighead Registered Users Posts: 3 ■□□□□□□□□□Just some advice from someone who is an excellent test taker but hasn't actually taken this one yet. I always try to tell myself why each other answer is wrong before moving on to the next. I hear this test is short on time, but it is something you consider.
-
ralbertos21 Member Posts: 27 ■□□□□□□□□□it's 3.
- you're being told in the very beginning you have more than 1 Mr.ports you want to configure...would you rather go one by one by one by one or just with one command?
-remember max 1 (so Mr.Port I has one MAC ADDRESS I Lady Mr. port I likes only)
-now let's say Ms. Mac ADDRESS X goes up randomly to Mr. port I and he turns her down..." NO, i belong to MAC ADDRESS I and I only!!" so there's your violation because she wants access to an already taken Mr. port ...
THE END.