Which of the following methods will ensure that only one specific host can connect to port F0/1 on a switch?
A. Configure port security on F0/1 to forward traffic to a destination other than that of the MAC address of the host.
B. Configure the MAC address of the host as a static entry associated with port F0/1.
C. Configure port security on F0/1 to accept traffic only from the MAC address of the host.
D. Configure an inbound access control list on port F0/1 limiting traffic to the IP address of the host.
E. Configure port security on F0/1 to accept traffic other than that of the MAC address of the host.
Explanation:
To limit connections to a specific host, you should configure port security to accept traffic only from the MAC address of the host. By default, an unlimited number of MAC addresses can be learned on a single switch port, whether it is configured as an access port or a trunk port. Switch ports can be secured by defining one or more specific MAC addresses that should be allowed to connect, and by defining violation policies (such as disabling the port) to be enacted if additional hosts try to gain a connection.
The following example secures a switch port by manually defining the MAC address of allowed connections:
switch(config-if)# switchport port-security
switch(config-if)# switchport port-security mac-address 00C0.35F0.8301
The first command activates port security on the interface, while the second command statically defines the MAC address 00C0.35F0.8301 as an allowed host on the switch port.
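As an added example (not part of the original explanation), the complete interface configuration that the correct answer describes, together with the violation policy and the verification commands a practitioner would run afterwards. The MAC address is the one used in the explanation above; the interface is assumed to be a host-facing port that can be set to access mode.

```cisco
! Added example: lock FastEthernet0/1 to a single, statically defined host.
switch(config)# interface FastEthernet0/1
! Port security is rejected on a port in dynamic (DTP) mode, so set the mode first.
switch(config-if)# switchport mode access
switch(config-if)# switchport port-security
! Allow exactly one secure address on the port, and pin it to this host.
switch(config-if)# switchport port-security maximum 1
switch(config-if)# switchport port-security mac-address 00C0.35F0.8301
! Violation policy: a frame from any other source MAC err-disables the port
! and logs a syslog/SNMP event. shutdown is the default, stated here explicitly.
switch(config-if)# switchport port-security violation shutdown
switch(config-if)# end
! Verification: the port status should be Secure-up, with 1 configured
! address, a maximum of 1, and a violation count of 0.
switch# show port-security interface FastEthernet0/1
switch# show port-security address
! Optional: re-enable an err-disabled port automatically after 5 minutes
! instead of requiring a manual shutdown / no shutdown.
switch(config)# errdisable recovery cause psecure-violation
switch(config)# errdisable recovery interval 300
```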
The mac-address-table static command assigns a permanent MAC address to the port, but does not prevent any other MAC addresses from being associated with the port. The command below would assign the MAC address 0050.3e8d.6400 to port 15 on the switch:
switch(config)# mac-address-table static 0050.3e8d.6400 interface fastethernet0/15
You should not configure port security on F0/1 to forward traffic to a destination other than that of the MAC address of the host. Traffic from other hosts should be rejected, not forwarded or accepted. For the same reason, you should not configure port security on F0/1 to accept traffic other than that of the MAC address of the host.
You cannot configure an inbound access control list on port F0/1 limiting traffic to the IP address of the host. It is impossible to filter traffic based on IP addresses on a Layer 2 switch.
Objective:
Infrastructure Security
Sub-Objective:
Configure, verify, and troubleshoot port security
Reference:
Cisco > Catalyst 6500 Release 12.2SXH and Later Software Configuration Guide > Configuring Port Security > Enabling Port Security