Q: A Port Security Question
The lobby has a live Ethernet port: it’s time to lock that port down with port security. As usual, this post poses the question, and the next post (which will be linked at the bottom of this one once it’s there) will list the answers. Enjoy! The question is below the fold.
The figure shows a small enterprise network. The switches all have default configuration, other than some unrelated administrative settings that have no impact on this question.
Although these questions mostly ignore the routers and PCs, note that all PCs can ping each other. On the left side of the figure, all switch interfaces default to the same VLAN (VLAN 1). Similarly, on the right, all devices sit in the same VLAN (VLAN 2).
The switches are Layer 2-only switches, like most typical Cisco access layer switches.
Host A, whose MAC address is 0200.AAAA.AAAA, happens to be a PC in the company lobby. The engineer wants to add some port security configuration to switch SW1. In this case, the engineer wants to ensure that host A, and only host A, can send traffic into the company network through this switch port. If someone walks up and disconnects that PC, and plugs in their own laptop, the port should be disabled immediately. Which of the following commands would be useful for the configuration of port security to achieve that setting? Also, do not choose answers where the command simply configures a default setting.
A. switchport port-security violation shutdown
B. switchport port-security
C. switchport mode access
D. switchport port-security mac-address 0200.AAAA.AAAA
E. switchport post-security mac-address sticky
F. switchport port-security maximum 1