2. 计算机
  3. The network security policy for Ezonexam requires that only one host be permitted to attach dynamically to each switch interface

The network security policy for Ezonexam requires that only one host be permitted to attach dynamically to each switch interface

admin2009-05-19  58
问题 The network security policy for Ezonexam requires that only one host be permitted to attach dynamically to each switch interface. If that policy is violated, the interface should be automatically disabled. Which two commands must the Ezonexam network administrator configure on the 2950 Catalyst switch to meet this policy? (Choose two)
选项 A、SWEzonexam1(config-if)# switchport port-security maximum 1
B、SWEzonexam1(config)# mac-address-table secure
C、SWEzonexam1(config)# access-list 10 permit ip host
D、SWEzonexam1(config-if)# switchport port-security violation shutdown
E、SWEzonexam1(config-if)# ip access-group 10
答案A,D
解析 Explanation
Catalyst switches offer the port security feature to control port access based on MAC addresses. To configure port security on an access layer switch port, begin by enabling it with the following interface configuration command:
Switch(config-if)# switchport port-security

Next, you must identify a set of allowed MAC addresses so that the port can grant them access. You can explicitly configure addresses or they can be dynamically learned from port traffic. On each interface that uses port security, specify the maximum number of MAC addresses that will be allowed access using the following interface configuration command:
Switch(config-if)# switchport port-security maximum max-addr

Finally, you must define how each interface using port security should react if a MAC address is in violation by using the following interface configuration command:
Switch(config-if)# switchport port-security violation {shutdown | restrict | protect}

A violation occurs if more than the maximum number of MAC addresses are learned, or if an unknown (not statically defined) MAC address attempts to transmit on the port. The switch port takes one of the following configured actions when a violation is detected:

shutdown-The port is immediately put into the errdisable state, which effectively shuts it down. It must be re-enabled manually or through errdisable recovery to be used again.

restrict-The port is allowed to stay up, but all packets from violating MAC addresses are dropped. The switch keeps a running count of the number of violating packets and can send an SNMP trap and a syslog message as an alert of the violation.

protect-The port is allowed to stay up, as in the restrict mode. Although packets from violating addresses are dropped, no record of the violation is kept.
转载请注明原文地址:https://kaotiyun.com/show/L0hZ777K
本试题收录于: 思科640802题库思科认证分类
0

思科640802

思科认证

相关试题推荐
随机试题
最新回复(0)