Volume 1 - Chapter 11: Implementing Switch Port Security Flashcards
True or False:
Switchport port security can be enabled on both access and trunk interfaces.
True, both access and trunk interfaces support port security.
However, the interface must be set statically to a trunk or access interface.
What is the command to set the maximum number of violations that can be tolerated with port security?
switchport port-security maximum number
What is the command to set the violation type of port security for a specific interface?
switchport port-security violation protect / restrict / shutdown
What is the command to set an allowed static MAC address for an interface with port security enabled?
switchport port-security mac-address mac-address
What is the command to enable a sticky MAC address to be dynamically learned?
switchport port-security mac-address sticky
True or False:
MAC addresses learned by sticky configuration will be saved to the startup-configuration automatically.
False; until the running configuration is saved to memory manually, the sticky MACs that are learned on an interface will be lost if the switch reboots.
What adjustment to the interface configuration is recommended when port-security is enabled on a voice port?
The maximum allowed MAC addresses should be increased to 2; one for the workstation, one for the phone.
True or False:
Port Security can be enabled on port-channel (EtherChannel) interfaces.
True; but make sure you configure the port-security commands on the port-channel interface, and not on the physical interfaces.
What command can be used to check the current port-security statistics on an interface?
show port-security interface interfacename
Describe the difference between the following commands:
show mac address-table secure
show mac address-table static
Secure; shows only MAC addresses that are associated with ports that have port security enabled.
Static; shows MAC addresses that are associated with ports that have port security enabled, as well as all statically configured MACs.
MAC addresses that are learned or configured on port-security enabled interfaces are no longer considered to be ____ ____.
dynamically learned.
What are the 3 commands that can be used to list MAC addresses learned or configured with port-security?
show mac address-table static
show mac address-table secure
show mac address-table
Describe the difference between the port-security “restrict” and “protect” modes.
Both restrict and protect will discard traffic when pushed past the maximum, but only restrict will generate a log entry and send an SNMP trap.
What command can be used to enable automatic recovery of ports in an err-disable state due to port-security?
errdisable recovery cause psecure-violation
What command can be used to set the recovery interval used to restore interfaces in an err-disable state?
errdisable recovery interval seconds