PrepAway - Latest Free Exam Questions & Answers

Which of these correctly describes the results of port security violation of an unknown packet?


A.
port enabled; unknown packets dropped; no SNMP or syslog messages

B.
port enabled; unknown packets dropped; SNMP or syslog messages

C.
port disabled; no SNMP or syslog messages

D.
port disabled; SNMP or syslog messages

Explanation:
Configuring Port Security: http://packetlife.net/blog/2010/may/3/port-security/
We can view the default port security configuration with show port-security:
http://www.ciscopress.com/articles/article.asp?p=1722561

Switchport Security Violations
The second piece of switchport port-security that must be understood is a security violation: what it is, what causes it, and which violation modes exist. A switchport violation occurs in one of two situations:
- The maximum number of secure MAC addresses has been reached (by default, the maximum number of secure MAC addresses per switchport is limited to 1).
- An address learned or configured on one secure interface is seen on another secure interface in the same VLAN.

The action that the device takes when one of these violations occurs can be configured:
- Protect—This mode permits traffic from known MAC addresses to continue to be forwarded while dropping traffic from unknown MAC addresses when over the allowed MAC address limit. When configured with this mode, no notification action is taken when traffic is dropped.
- Restrict—This mode permits traffic from known MAC addresses to continue to be forwarded while dropping traffic from unknown MAC addresses when over the allowed MAC address limit. When configured with this mode, a syslog message is logged, a Simple Network Management Protocol (SNMP) trap is sent, and a violation counter is incremented when traffic is dropped.
- Shutdown—This mode is the default violation mode; when in this mode, the switch will automatically force the switchport into an error disabled (err-disable) state when a violation occurs. While in this state, the switchport forwards no traffic. The switchport can be brought out of this error disabled state by issuing the errdisable recovery cause CLI command or by disabling and re-enabling the switchport.
- Shutdown VLAN—This mode mimics the behavior of the shutdown mode but limits the error disabled state to the specific violating VLAN.
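The following is an added example, not code from this page or from the cited Cisco Press article: a small Python model of the violation handling described above (both violation causes and the protect, restrict and shutdown actions), useful for checking what each mode does to an unknown frame and to the port. The port name Gi0/1, the MAC addresses and the notification strings are constructed; the notification records only stand in for the real syslog and SNMP output.

```python
"""Model of switchport port-security violation handling (added example, not the page's code)."""
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, List, Set, Tuple


class ViolationMode(Enum):
    PROTECT = "protect"    # drop unknown source MACs, no notification
    RESTRICT = "restrict"  # drop unknown source MACs, syslog + SNMP trap + counter
    SHUTDOWN = "shutdown"  # err-disable the whole port (the default mode)


@dataclass
class SecurePort:
    name: str
    vlan: int = 1
    mode: ViolationMode = ViolationMode.SHUTDOWN
    maximum: int = 1                       # default: one secure MAC per port
    secure_macs: Set[str] = field(default_factory=set)
    err_disabled: bool = False
    violation_count: int = 0
    notifications: List[Tuple[str, str]] = field(default_factory=list)

    def violate(self, src_mac: str) -> str:
        """Apply the configured violation action; the offending frame is always dropped."""
        if self.mode is ViolationMode.PROTECT:
            return "dropped"               # silent drop, nothing logged
        self.violation_count += 1
        # Constructed records standing in for the real syslog message and SNMP trap.
        self.notifications.append(("syslog", f"{self.name}: violation by {src_mac}"))
        self.notifications.append(("snmp-trap", f"{self.name}: violation by {src_mac}"))
        if self.mode is ViolationMode.SHUTDOWN:
            self.err_disabled = True       # port forwards nothing until recovered
        return "dropped"

    def errdisable_recover(self) -> None:
        """Equivalent of errdisable recovery or shut / no shut on the interface."""
        self.err_disabled = False


class Switch:
    def __init__(self) -> None:
        self.ports: Dict[str, SecurePort] = {}

    def add_port(self, port: SecurePort) -> None:
        self.ports[port.name] = port

    def receive(self, port_name: str, src_mac: str) -> str:
        """Process one ingress frame; returns 'forwarded' or 'dropped'."""
        port = self.ports[port_name]
        mac = src_mac.lower()
        if port.err_disabled:
            return "dropped"
        if mac in port.secure_macs:
            return "forwarded"
        # Cause 2: the MAC is already secured on another interface in the same VLAN.
        for other in self.ports.values():
            if other is not port and other.vlan == port.vlan and mac in other.secure_macs:
                return port.violate(mac)
        # Cause 1: learn the MAC while under the maximum, otherwise it is a violation.
        if len(port.secure_macs) < port.maximum:
            port.secure_macs.add(mac)
            return "forwarded"
        return port.violate(mac)


def run_scenario(mode: ViolationMode) -> dict:
    """Constructed traffic on Gi0/1: known host, then an unknown host, then the known host again."""
    sw = Switch()
    sw.add_port(SecurePort("Gi0/1", mode=mode))
    frames = ("00:11:22:33:44:55", "66:77:88:99:aa:bb", "00:11:22:33:44:55")
    results = [sw.receive("Gi0/1", m) for m in frames]
    port = sw.ports["Gi0/1"]
    return {
        "results": results,
        "err_disabled": port.err_disabled,
        "violations": port.violation_count,
        "notified": bool(port.notifications),
    }


if __name__ == "__main__":
    for mode in ViolationMode:
        print(mode.value, run_scenario(mode))
```

Running it shows the difference the question hinges on: in protect and restrict modes the unknown frame is dropped but the known host keeps forwarding, and only restrict records a notification; in the default shutdown mode the port is err-disabled and the third frame, from the legitimate host, is dropped as well until the port is recovered.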

2 Comments on “Which of these correctly describes the results of port security violation of an unknown packet?”

  1. Super Jay Z says:

    No switchport port-security violation command was issued. So, you can assume the default behavior of the switchport port-security violation command which is “shutdown” and it logs the violation (via SNMP or syslog messages).