Port Security Flashcards
How do you clear a dynamically learned MAC address from a switch?
Shut down the interface port using the #shutdown command
What is the command to limit the number of MAC addresses a port can have when using port security?
switchport port-security maximum [number]
What is the command to see port security information on a specific port?
show port-security interface [word]
What is the command to see the list of MAC addresses that the switch has saved in its port security address table?
show port-security addresses
What needs to happen before port security can be enabled on a port?
The port must be set as an access port using the command #switchport mode access
How are sticky addresses different than dynamically learned addresses?
Dynamically learned addresses are lost when the port is shut down or the switch is reloaded. Sticky addresses remain in the switch's address table.
NOTE: You must copy the running config to the startup config for them to stick after a reload.
What is the command to enable port security?
#switchport port-security mac-address + {address} or sticky can be added
What command will auto clear a lock down from port security?
errdisable recovery cause psecure-violation
Note: this is a global setting, not a per-port setting. Default recovery time is 300s.
#errdisable recovery interval [number] to change the timer
#show errdisable recovery to see ports currently waiting on the timer to recover
What command will show the port security counters, including the violation counter?
show port-security
What is the difference between protect and restrict as port security modes?
Restrict has error logging where protect doesn’t
What command can be used to clear MAC addresses from the port-security address table other than shutdown? This includes sticky addresses.
clear port-security [additional modifiers]