Answer to the Port Security Question

Posted May 28, 2013

In 200-301 V2 Ch06: Port Security, 200-301 V2 Part 2: Security Services, CCENT-OLD, Q&A

IPv6 addressing is in the new ICND1 100-101 and CCNA 200-120 exams, and the previous post posed a related question. Today’s post wraps the topic, showing the answer. Check out the question before flipping the page!

- - - Link to the question
    - Link to the brief topic introduction

The Answer

(Wendell’s note to self: internal question number 113.)

Answer(s): E

The Explanation

Port Security functions can use many different default settings. This question uses the barest minimum of configuration, relying on some of those defaults. In particular, the defaults that matter are:

The maximum number of allowed source MAC addresses (switchport port-security maximum x) defaults to 1, meaning a single MAC is allowed to send frames into the port.
The specific MAC address is not predefined, so the first source MAC address seen by the switch, once the port comes up, will be the one allowed

First, to rule out two answers, think about the direction of the messages. Port security looks at inbound frames only. In this case, only the ARP Reply and ICMP Echo Reply happen to enter SW1’s F0/2 port. The other two answers refer to messages that are sent out SW1’s F0/2 port, so those answers could not possibly be correct.

Figure 3: Port Security Answers: Reference

Next, note that the packets – the ARP Reply and the ICMP Echo Reply – will be encapsulated by PC2 into an Ethernet frame. The source MAC address of each frame will list PC2’s MAC address (whatever it is). So, both frames will list the same source MAC address, so the second frame will not exceed the number of allowed MAC addresses.

Finally, the question showed that the port was shutdown, and then brought up after adding port security. As a result, the first frames entering port F0/2 should be those two frames, both from PC2 (with source MAC address equal to PC2’s MAC address).

The long story short: None of the frames violate any port security rules, making answer E correct.

More Practice Questions:

This question is like those you get if when you buy the ICND1 100-101 Official Cert Guide. This blog also lists various practice questions as well. For more questions on a large variety of topics:

Look at the Questions tab in the www.ccentskills.com blog
Look at the Questions tab in the www.ccnaskills.com blog
Use the practice tests that come with the printed version of the book
Get additional exam banks, even more than the print book, with the Premium Edition of the Book, available only from the publisher

0 Comments

Inline Feedbacks

View all comments