Cisco CCNA mock exam questions sample test – Question 114

Which of the following methods will ensure that only one specific host can connect to port F0/1 on a switch?

A. Configure port security on F0/1 to forward traffic to a destination other than that of the MAC address of the host.
B. Configure the MAC address of the host as a static entry associated with port F0/1.
C. Configure port security on F0/1 to accept traffic only from the MAC address of the host.
D. Configure an inbound access control list on port F0/1 limiting traffic to the IP address of the host.
E. Configure port security on F0/1 to accept traffic other than that of the MAC address of the host.

Correct Answer: C

Explanation:
To limit connections to a specific host, you should configure port security to accept traffic only from the MAC address of the host. By default, an unlimited number of MAC addresses can be learned on a single switch port, whether it is configured as an access port or a trunk port. Switch ports can be secured by defining one or more specific MAC addresses that should be allowed to connect, and by defining violation policies (such as disabling the port) to be enacted if additional hosts try to gain a connection.
The following example secures a switch port by manually defining the MAC address of allowed connections:
switch(config-if)# switchport port-security
switch(config-if)# switchport port-security mac-address 00C0.35F0.8301
The first command activates port security on the interface, while the second command statically defines the MAC address of 00C0.35F0.8301 as an allowed host on the switch port.
The mac-address-table static command assigns a permanent MAC address to the port, but does not prevent any other MAC addresses from being associated with the port. The command below would assign the MAC address 0050.3e8d.62bb to port 15 on the switch:
switch(config)# mac-address-table static 0050.3e8d.6400 interface fastethernet0/15
You should not configure port security on F0/1 to forward traffic to a destination other than that of the MAC address of the host. Traffic from other hosts should be rejected, not forwarded or accepted. For the same reason, you should not configure port security on F0/1 to accept traffic other than that of the MAC address of the host.
You cannot configure an inbound access control list on port F0/1 limiting traffic to the IP address of the host. It is impossible to filter traffic based on IP addresses on a Layer 2 switch.
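The difference between a static MAC table entry and port security can be checked mechanically. The following Python audit is an added example, not part of the original explanation or of any Cisco tool: it reads saved configuration text and reports why a port is not limited to one host. The function names and both sample configurations are constructed for this illustration, and it assumes interface sub-commands are indented by one space, as IOS prints them.

```python
import re

STATIC_RE = re.compile(r"switchport port-security mac-address "
                       r"([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})")
MAX_RE = re.compile(r"switchport port-security maximum (\d+)")

def norm(mac):
    """Reduce a MAC address to 12 lowercase hex digits."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())

def stanza(config, iface):
    """Return the lowercased sub-commands under 'interface <iface>'."""
    cmds, inside = [], False
    for raw in config.splitlines():
        if not raw.startswith(" "):   # any top-level line opens or closes a stanza
            inside = raw.strip().lower() == f"interface {iface.lower()}"
        elif inside:
            cmds.append(raw.strip().lower())
    return cmds

def audit_port(config, iface, host_mac):
    """List the reasons the port is NOT limited to host_mac (empty list = locked down)."""
    cmds, host, findings = stanza(config, iface), norm(host_mac), []
    enabled = "switchport port-security" in cmds
    static = [norm(m.group(1)) for c in cmds if (m := STATIC_RE.fullmatch(c))]
    limits = [int(m.group(1)) for c in cmds if (m := MAX_RE.fullmatch(c))]
    if not enabled:
        findings.append("port security not enabled")
    if host not in static:
        findings.append("host MAC not defined as a secure address")
    if any(m != host for m in static):
        findings.append("other secure MAC addresses are allowed")
    if limits and max(limits) > 1:    # with no 'maximum' line the IOS default is 1
        findings.append("maximum allows more than one MAC address")
    table = rf"^mac-address-table static \S+ interface {re.escape(iface)}\s*$"
    if not enabled and re.search(table, config, re.I | re.M):
        findings.append("static table entry alone does not block other hosts")
    return findings

# Constructed sample configs (MAC addresses reused from the examples above).
WEAK = """mac-address-table static 0050.3e8d.6400 interface fastethernet0/15
interface FastEthernet0/15
 switchport mode access
"""
HARDENED = """interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security mac-address 00C0.35F0.8301
"""
```

Calling `audit_port(HARDENED, "FastEthernet0/1", "00C0.35F0.8301")` returns an empty list, while the `WEAK` configuration produces three findings, including the one for the static table entry.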
Objective:
Infrastructure Security
Sub-Objective:
Configure, verify, and troubleshoot port security
References:
Cisco > Catalyst 6500 Release 12.2SXH and Later Software Configuration Guide > Configuring Port Security > Enabling Port Security