The following commands are executed on interface fa0/1 of 2950Switch.
2950Switch(config-if)# switchport port-security
2950Switch(config-if)# switchport port-security mac-address sticky
2950Switch(config-if)# switchport port-security maximum 1
The Ethernet frame that is shown arrives on interface fa0/1.
What two functions will occur when this frame is received by 2950Switch? (Choose two.)
A.
The MAC address table will now have an additional entry of fa0/1 FFFF.FFFF.FFFF.
B.
Only host A will be allowed to transmit frames on fa0/1.
C.
This frame will be discarded when it is received by 2950Switch.
D.
All frames arriving on 2950Switch with a destination of 0000.00aa.aaaa will be forwarded out fa0/1.
E.
Hosts B and C may forward frames out fa0/1 but frames arriving from other switches will not be forwarded out fa0/1.
F.
Only frames from source 0000.00bb.bbbb, the first learned MAC address of 2950Switch, will be forwarded out fa0/1.
It is important to remember that port security does not filter packets. Keeping that in mind let look at the choices.
A. is incorrect becuase only PC A is allowed to connect to Fa0/1. If you want “additional entry of fa0/1 FFFF.FFFF.FFFF”, then you need to change “switchport port-security maximum 1” to 2.
C. is incorrect because the port is operational.
E. is incorrect because this is not an access-list. Port security does not filter.
F. is incorrect because this is not an access-list. Port security does not filter.
B. is correct. If any other PC is connected to Fa0/1 the port will shut down.
D. is correct. Any frame with destination for MAC 0000.00aa.aaaa will go out port fa0/1
This was on the exam today
@Conrad
Your reason for A being wrong is invalid. FFFF.FFFF.FFFF is a MAC broadcast address and would not be stored in the MAC address table or running-config, additionally it is also the destination address, and would not be added anyway as only source addresses are stored.
Thanks for the rest though.