Which of the following methods will ensure that only one specific host can connect to port F0/1 on a switch?
A.
Configure port security on F0/1 to forward traffic to a destination other than that of the MAC address of the
host.
B.
Configure the MAC address of the host as a static entry associated with port F0/1.
C.
Configure port security on F0/1 to accept traffic only from the MAC address of the host.
D.
Configure an inbound access control list on port F0/1 limiting traffic to the IP address of the host.
E.
Configure port security on F0/1 to accept traffic other than that of the MAC address of the host.
Explanation:
To limit connections to a specific host, you should configure port security to accept traffic only from the MAC
address of the host. By default, an unlimited number of MAC addresses can be learned on a single switch port,
whether it is configured as an access port or a trunk port. Switch ports can be secured by defining one or more
specific MAC addresses that should be allowed to connect, and by defining violation policies (such as disabling
the port) to be enacted if additional hosts try to gain a connection.
The following example secures a switch port by manually defining the MAC address of allowed connections:
switch(config-if)# switchport port-security
switch(config-if)# switchport port-security mac-address 00C0.35F0.8301
The first command activates port security on the interface, while the second command statically defines theMAC address of 00c0.35F0.8301 as an allowed host on the switch port.
The mac-address-table static command assigns a permanent MAC address to the port, but does not prevent
any other MAC addresses from being associated with the port. . The command below would assign the MAC
address 0050.3e8d.62bb to port 15 on the switch:
switch(config)# mac-address-table static 0050.3e8d.6400 interface fastethernet0/15
You should not configure port security on F0/1 to forward traffic to a destination other than that of the MAC
address of the host. Traffic from other hosts should be rejected, not forwarded or accepted. For the same
reason, you should not configure port security on F0/1 to accept traffic other than that of the MAC address of
the host.
You cannot configure an inbound access control list on port F0/1 limiting traffic to the IP address of the host. It
is impossible to filter traffic based on IP addresses on a Layer 2 switch.
Objective:
Infrastructure Security
Sub-Objective:
Configure, verify, and troubleshoot port securityCisco > Catalyst 6500 Release 12.2SXH and Later Software Configuration Guide > Configuring Port Security >
Enabling Port Security