Which three configuration steps should be performed on the switch to prevent this?

A company has placed a networked PC in a lobby so guests can have access to the corporate
directory.
A security concern is that someone will disconnect the directory PC and re-connect their laptop
computer and have access to the corporate network. For the port servicing the lobby, which three
configuration steps should be performed on the switch to prevent this? (Choose three.)


A. Enable port security.

B. Create the port as a trunk port.

C. Create the port as an access port.

D. Create the port as a protected port.

E. Set the port security aging time to 0.

F. Statically assign the MAC address to the address table.

G. Configure the switch to discover new MAC addresses after a set time of inactivity.





ish


A static MAC address is one that has been manually input (typed via a command) into the CAM or MAC address table.
A dynamic MAC address is one that has been learned via an ARP request.

If a switch learns the MAC address from another device then it has dynamically sourced the MAC address.

Static MAC Addresses

In most network deployments, generated MAC addresses are appropriate. However, you might need to set a static MAC address for a virtual network adapter.
The following examples show when you might set a static MAC address.

Virtual network adapters on different physical hosts share the same subnet and are assigned the same MAC address, causing a conflict.

You want to ensure that a virtual network adapter always has the same MAC address.
By default, VMware uses the Organizationally Unique Identifier (OUI) 00:50:56 for manually generated addresses, but all unique manually generated addresses are supported.
Note
If you choose to use the VMware OUI, part of the range has been partitioned for use by vCenter Server, host physical NICs, virtual NICs, and future use.
You can set a static MAC address using the VMware OUI prefix by adding the following line to a virtual machine's configuration file:
ethernet.address = 00:50:56:XX:YY:ZZ
In the example, refers to the number of the Ethernet adapter, XX is a valid hexadecimal number between 00 and 3F, and YY and ZZ are valid hexadecimal numbers between 00 and FF. The value for XX cannot be greater than 3F to avoid conflict with MAC addresses that are generated by the VMware Workstation and VMware Server products. The maximum value for a manually generated MAC address is shown in the sample.

ethernet.address = 00:50:56:3F:FF:FF
You must also set the address type in a virtual machine’s configuration file.
ethernet.addressType="static"

Because ESXi virtual machines do not support arbitrary MAC addresses, you must use the example format. Choose a unique value for XX:YY:ZZ among your hard-coded addresses to avoid conflicts between the automatically assigned MAC addresses and the manually assigned ones.

It is your responsibility to ensure that no other non-VMware devices use addresses assigned to VMware components. For example, you might have physical servers in the same subnet, which use 11:11:11:11:11:11, 22:22:22:22:22:22 as static MAC addresses. Since the physical servers do not belong to the vCenter Server inventory, vCenter Server is not able to check for address collision.

noir


A trunk allows pretagged packets to pass through without changing the tag, while an access port takes the packets it receives and retags them.

Ex. To set up a trunk that allows all VLANs' (pretagged) traffic to flow to and from it:

int fa0/0
 ! explicitly making this port a trunk rather than allowing it to "negotiate" its role (only command needed)
 switchport mode trunk

Ex. To set up an access port and tell it to tag the traffic as VLAN 10:

int f0/1
 ! explicitly making this an access port rather than allowing it to "negotiate" its role
 switchport mode access
 ! tell this interface to tag any traffic entering the port as vlan 10
 switchport access vlan 10
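
Added example (not part of the original page or of either comment): a small Python audit that reads a switch running-config and reports, per interface, which of the settings discussed above are missing for a port meant to serve one known host: explicit access mode, port security enabled, and a statically configured secure MAC. The sample config, interface names and MAC address are constructed, and the function names are this example's own.

```python
import re
# Constructed sample running-config (interface names and MAC are made up).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security mac-address 0050.56aa.bbcc
!
interface FastEthernet0/2
 switchport access vlan 10
 switchport port-security mac-address sticky
!
interface FastEthernet0/3
 switchport mode trunk
"""

# A statically typed secure MAC; "sticky" entries are learned, so they do not match.
STATIC_MAC = re.compile(r"^switchport port-security mac-address ([0-9a-f]{4}\.){2}[0-9a-f]{4}\b", re.I)

def parse_interfaces(config):
    """Return {interface name: [stanza lines]} from running-config text."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            stanzas[current] = []
        elif raw.startswith(" ") and current:
            stanzas[current].append(raw.strip())
        else:
            current = None  # "!" or a global command ends the stanza
    return stanzas

def audit_port(lines):
    """List what is missing for a port meant to serve exactly one known host."""
    findings = []
    if "switchport mode access" not in lines:
        findings.append("not explicitly an access port")
    if "switchport port-security" not in lines:
        findings.append("port security not enabled")
    if not any(STATIC_MAC.match(line) for line in lines):
        findings.append("no static secure MAC address")
    return findings

def audit(config):
    return {name: audit_port(lines) for name, lines in parse_interfaces(config).items()}

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

A port that only has `mac-address sticky` configured is reported as lacking both port security and a static address, because the bare `switchport port-security` line is what turns the feature on.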