Cisco Exam Questions

Which two security statements are true?

Refer to the exhibit. The “show port-security interface fa0/1” command was issued on switch SW1.
Given the output that was generated, which two security statements are true? (Choose two.)

A. Interface FastEthernet 0/1 was configured with the switchport port-security aging command.

B. Interface FastEthernet 0/1 was configured with the switchport port-security protect command.

C. Interface FastEthernet 0/1 was configured with the switchport port-security violation restrict command.

D. When the number of secure IP addresses reaches 10, the interface will immediately shut down.

E. When the number of secure MAC addresses reaches 10, the interface will immediately shut down and an SNMP trap notification will be sent.

Explanation:

Port security is a feature supported on Cisco Catalyst switches that restricts a switch port to a specific set or number of MAC addresses. Those addresses can be learned dynamically or configured statically. The port will then provide access to frames from only those addresses. If, however, the number of addresses is limited to four but no specific MAC addresses are configured, the port will allow any four MAC addresses to be learned dynamically, and port access will be limited to those four dynamically learned addresses.
Port Security Implementation:

When a switch port security rule is violated, one of the following actions can be applied:
1. Protect: Frames from the nonallowed address are dropped, but there is no log of the violation.
2. Restrict: Frames from the nonallowed address are dropped, a log message is created, and a Simple Network Management Protocol (SNMP) trap is sent.
3. Shutdown: If any frames are seen from a nonallowed address, the interface is errdisabled, a log entry is made, an SNMP trap is sent, and manual intervention or errdisable recovery must be used to make the interface usable.

The port will not be shut down, because it is in protect mode, not shutdown mode.
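The three violation actions described above, modelled in Python. This is an added example, not Cisco code and not part of the original question; the class, the function names and the sample MAC addresses are constructed. Addresses are learned dynamically up to the configured maximum, and only a frame from a further, nonallowed address triggers the violation action.

```python
from dataclasses import dataclass, field

@dataclass
class SecurePort:
    """Toy model of one switch port with port security enabled."""
    maximum: int                       # maximum number of secure MAC addresses
    mode: str                          # "protect", "restrict" or "shutdown"
    secure: set = field(default_factory=set)
    log: list = field(default_factory=list)
    traps: int = 0
    errdisabled: bool = False

    def receive(self, mac: str) -> bool:
        """Return True if the frame is forwarded, False if it is dropped."""
        if self.errdisabled:
            return False               # unusable until recover() is called
        if mac in self.secure:
            return True                # already a secure address
        if len(self.secure) < self.maximum:
            self.secure.add(mac)       # dynamic learning below the limit
            return True
        # Violation: frame from a nonallowed address.
        if self.mode == "protect":
            return False               # dropped, no log of the violation
        self.log.append(f"violation by {mac}")
        self.traps += 1                # restrict and shutdown: log + SNMP trap
        if self.mode == "shutdown":
            self.errdisabled = True    # needs manual or errdisable recovery
        return False

    def recover(self) -> None:
        """Stands in for manual intervention or errdisable recovery."""
        self.errdisabled = False

def run(mode: str, maximum: int = 10):
    """Send frames from maximum + 1 constructed MACs, then retry a known one."""
    port = SecurePort(maximum, mode)
    macs = [f"00:00:5e:00:53:{i:02x}" for i in range(maximum + 1)]
    forwarded = [port.receive(m) for m in macs]
    known_ok = port.receive(macs[0])   # a secure address after the violation
    return port, forwarded, known_ok

if __name__ == "__main__":
    for mode in ("protect", "restrict", "shutdown"):
        port, forwarded, known_ok = run(mode)
        print(mode, "learned:", len(port.secure), "log:", len(port.log),
              "traps:", port.traps, "errdisabled:", port.errdisabled,
              "known MAC still forwarded:", known_ok)
```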