What would happen if another device is connected to the Fa0/5

Refer to the exhibit. Port security has been configured on port Fa0/5. What would happen if another device is connected to the Fa0/5 port after the maximum number of devices has been reached, even if one or more of the original MAC addresses are inactive?

Refer to the exhibit. Port security has been configured on port Fa0/5. What would happen if another device is connected to the Fa0/5 port after the maximum number of devices has been reached, even if one or more of the original MAC addresses are inactive?

A.
The port will permit the new MAC address because one or more of the original MAC addresses are inactive.

B.
The port will permit the new MAC address because one or more of the original MAC addresses will age out.

C.
Because the new MAC address is not configured on the port, the port will not permit the new MAC address.

D.
Although one or more of the original MAC addresses are inactive, the port will not permit the new MAC address.

Explanation:

In this example the switch is configured for Port Security with the maximum number of allowed
devices set to 11. When configuring port security, note the following syntax information about port
security violation modes:

protectDrops packets with unknown source addresses until you remove a sufficient number of
secure MAC addresses to drop below the maximum value.

restrictDrops packets with unknown source addresses until you remove a sufficient number of
secure MAC addresses to drop below the maximum value and causes the SecurityViolation
counter to increment.

shutdownPuts the interface into the error-disabled state immediately and sends an SNMP trap
notification.
Normally, since the security violation has been set to protect, the switch indeed allow a new device
to be added after an original MAC address is inactive. However, the key to this question is the
aging time 0 command which has also been configured. This command disables aging, so the
original MAC addresses would remain even when they were removed. Therefore the switch will
not permit any new MAC addresses.

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.1E/native/configuration/guide/port_sec.html#wp1036736



Leave a Reply 0

Your email address will not be published. Required fields are marked *