Ch9-Configuring Switch Interfaces Flashcards
A Cisco switch feature in which the switch watches Ethernet frames that come into an interface, tracks the source MAC addresses of all such frames, and takes a security action if the allowed number of different MAC addresses is exceeded
port security
An IEEE standard mechanism (802.3u) with which two nodes can exchange messages for the purpose of choosing to use the same Ethernet standard on both ends of the link, ensuring the link functions and functions well
auto negotiation
Generically, any communication in which two communicating devices can concurrently send and receive data. In Ethernet LANs, the allowance for both devices to send and receive at the same time, allowed when both devices disable their CSMA/CD logic
full duplex
Generically, any communication in which only one device at a time can send data. In Ethernet LANs, the normal result of the CSMA/CD algorithm that enforces the rule that only one device should send at any point in time
half duplex
Command reference: Changes context to interface mode
interface type port-number
Command reference: Changes the context to interface mode for a range of consecutively numbered interfaces. The subcommands that follow then apply to all interfaces in the range
interface range type start-port - end-port
Command reference: Interface mode. Disables/enables the interface, respectively
shutdown | no shutdown
Command reference: Interface mode. Manually sets the speed to the listed speed, or, with the auto setting, automatically negotiates the speed
speed [10 | 100 | 1000 | auto]
Command reference: Interface mode. Manually sets the port duplex to half or full, or automatically negotiates the duplex setting
duplex [auto | full | half]
Command reference: Interface mode. Lists any informative text the engineer wants to track for the interface (for example, the expected device on the other end of the cable)
description text
Command reference: Interface configuration command that tells the switch interface to always be an access port, or always be a trunk port
switchport mode [access | trunk]
Command reference: Interface configuration command that statically adds a specific MAC address as an allowed MAC address on the interface
switchport port-security mac-address address
Command reference: Interface configuration command that tells the switch to learn MAC addresses on the interface and add them to the configuration for the interface as secure MAC addresses
switchport port-security mac-address sticky
Command reference: Interface subcommand that sets the maximum number of static secure MAC addresses that can be assigned to a single interface
switchport port-security maximum value
Command reference: Interface subcommand that tells the switch what to do if an inappropriate MAC address tries to access the network through a secure switch port
switchport port-security violation [protect | restrict | shutdown]
Command reference: Lists the configuration currently in use
show running-config
Command reference: Lists MAC addresses defined or learned on ports configured with port security
show mac address-table secure [interface type number]
Command reference: Lists static MAC addresses and MAC addresses learned or defined with port security
show mac address-table static [interface type number]
Command reference: Lists one output line per interface (or only for the listed interface, if included) noting the description, operating state, and settings for duplex and speed on each interface
show interfaces [interface type number] status
Command reference: Lists detailed status and statistical information about all interfaces (or the listed interface only)
show interfaces [interface type number]
Command reference: Lists an interface’s port security configuration settings and security operational status
show port-security [interface type number]
Command reference: Lists one line per interface that summarizes the port security settings for any interface on which it is enabled
show port-security
Which command produced the following output?

show port-security interface some-interface
What possible actions can port security take when a violation occurs?
- Discard offending traffic
- Send log and SNMP messages
- Increment the violation counter
- Shut down the port