Cisco CCNA mock exam questions sample test – Question 323

What will be the effect of executing the following command on port F0/1?

switch(config-if)# switchport port-security mac-address 00C0.35F0.8301

A. The command statically defines the MAC address of 00c0.35F0.8301 as an allowed host on the switch port.
B. The command expressly prohibits the MAC address of 00c0.35F0.8301 as an allowed host on the switch port.
C. The command configures an inbound access control list on port F0/1 limiting traffic to the IP address of the host.
D. The command encrypts all traffic on the port from the MAC address of 00c0.35F0.8301.


Correct Answer: A

Explanation:
The command statically defines the MAC address of 00c0.35F0.8301 as an allowed host on the switch port. By default, an unlimited number of MAC addresses can be learned on a single switch port, whether it is configured as an access port or a trunk port. Switch ports can be secured by defining one or more specific MAC addresses that should be allowed to connect, and violation policies (such as disabling the port) if additional hosts try to gain a connection.
The switchport port-security mac-address 00C0.35F0.8301 command statically defines the MAC address of 00c0.35F0.8301 as an allowed host on the switch port.
The switchport port-security mac-address 00C0.35F0.8301 command does not expressly prohibit the MAC address of 00c0.35F0.8301 as an allowed host on the switch port. The port-security command is designed to identify allowed MAC addresses, not prohibited addresses.
The switchport port-security mac-address 00C0.35F0.8301 command does not configure an inbound access control list on port F0/1 limiting traffic to the IP address of the host. It will accept traffic to the port, but will only allow a device with that MAC address to be connected to the port.
The switchport port-security mac-address 00C0.35F0.8301 command does not encrypt all traffic on the port from the MAC address of 00c0.35F0.8301. The port-security command has nothing to do with encryption.
Objective:
Infrastructure Security
Sub-Objective:
Configure, verify, and troubleshoot port security
References:
Cisco > Catalyst 6500 Release 12.2SXH and Later Software Configuration Guide > Configuring Port Security > Enabling Port Security
Cisco > Support > Cisco IOS Security Command Reference: Commands S to Z > switchport port-security mac-address