
Port Security Questions 2

November 14th, 2017

Question 1

Question 2

Explanation

In fact, both “protect” and “restrict” modes allow traffic with a valid MAC address to pass, so this question is not good. This is a quote from Cisco for these two modes:

protect: drops packets with unknown source addresses until you remove a sufficient number of secure MAC addresses to drop below the maximum value.

restrict: drops packets with unknown source addresses until you remove a sufficient number of secure MAC addresses to drop below the maximum value and causes the SecurityViolation counter to increment.

Reference: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/port_sec.pdf

Therefore, the only difference between these two modes is that “restrict” mode causes the SecurityViolation counter to increment (only useful for statistics).

Question 3

Question 4

Explanation

The full command should be “switchport port-security mac-address sticky”, but Cisco lets us abbreviate commands.
