When configuring port security on a Cisco Catalyst switch port, what is the default action
taken by the switch if a violation occurs?
A.
protect (drop packets with unknown source addresses)
B.
restrict (increment SecurityViolation counter)
C.
shut down (access or trunk port)
D.
transition (the access port to a trunking port)
Explanation:
When configuring port security, the following options for port security violation modes are
available:
+ protect—Drops packets with unknown source addresses until you remove a sufficient
number of secure MAC addresses to drop below the maximum value.
+ restrict—Drops packets with unknown source addresses until you remove a sufficient
number of secure MAC addresses to drop below the maximum value and causes the
SecurityViolation counter to increment.
+ shutdown—Puts the interface into the error-disabled state immediately and sends an
SNMP trap notification.
The default violation mode is shutdown.
Reference:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.1E/native/configuration/guide/port_sec.html