CCNP switch slides 7 Flashcards
source
http://quizlet.com/3373218/ccnp-switch-deck-7-flash-cards/
On what basis is port security turned on?
Port basis
What is the configurable range of remembered MAC addresses?
1-1024
How do sticky MAC addresses work?
When port security is turned on, by default, MAC addresses are sticky and no aging occurs
What does port-security shutdown do?
Puts port into errdisable state. Must be manually re-enabled or errdisable recovered
What does port-security restrict do?
Port stays up, but packets from violating MACs are dropped. Switch logs violating packets
What does port-security protect do?
Port stays up, packets from violating MACs dropped, no logging
What must be supported for port-based security to occur?
802.1x with EAP over LAN (EAPOL)
At what layer does EAPOL run?
L2
How is 802.1x configured for port security?
RADIUS
What are the 6 steps to configure 802.1x for port security?
1-enable AAA on switch, 2-define RADIUS servers, 3-define authentication method, 4-enable 802.1x on switch, 5-configure 802.1x ports, 6-allow hosts
What is 802.1x force-authorized?
The port is forced to always authorize any connected client with no authentication necessary (default)
What is 802.1x force-unauthorized?
The port is forced to never authorize any connected client
What is 802.1x auto?
The port uses 802.1x exchange to move from unauthorized to authorized. Requires app on client
At what scope is 802.1x enabled?
globally
What categories can ports be in with DHCP snooping enabled?
trusted or untrusted
What is an untrusted port under DHCP snooping?
Any DHCP reply coming from an untrusted port is discarded and the offending port is put in errdisable
What data does DHCP snooping track?
Completed DHCP bindings, MAC addresses, IP addresses, etc.
How is DHCP snooping enabled (scope)?
globally
When DHCP snooping is turned on, by default, it considers all ports ______
untrusted
How does adding option-82 to DHCP snooping affect things?
The switch adds its MAC to the option 82 field so that the DHCP reply echoes back the switch’s own information
What is DHCP snooping rate limiting?
Limits the number of DHCP requests on a port