Answer to the Port Security Question

 In 200-301 V2 Ch06: Port Security, 200-301 V2 Part 2: Security Services, CCENT-OLD, Q&A

IPv6 addressing is in the new ICND1 100-101 and CCNA 200-120 exams, and the previous post posed a related question. Today’s post wraps the topic, showing the answer. Check out the question before flipping the page!

The Answer

(Wendell’s note to self: internal question number 113.)

Answer(s): E

The Explanation

Port Security functions can use many different default settings. This question uses the barest minimum of configuration, relying on some of those defaults. In particular, the defaults that matter are:

  • The maximum number of allowed source MAC addresses (switchport port-security maximum x) defaults to 1, meaning a single MAC is allowed to send frames into the port.
  • The specific MAC address is not predefined, so the first source MAC address seen by the switch, once the port comes up, will be the one allowed

First, to rule out two answers, think about the direction of the messages. Port security looks at inbound frames only. In this case, only the ARP Reply and ICMP Echo Reply happen to enter SW1’s F0/2 port. The other two answers refer to messages that are sent out SW1’s F0/2 port, so those answers could not possibly be correct.

Figure 3: Port Security Answers: Reference

Next, note that the packets – the ARP Reply and the ICMP Echo Reply – will be encapsulated by PC2 into an Ethernet frame. The source MAC address of each frame will list PC2’s MAC address (whatever it is). So, both frames will list the same source MAC address, so the second frame will not exceed the number of allowed MAC addresses.

Finally, the question showed that the port was shutdown, and then brought up after adding port security. As a result, the first frames entering port F0/2 should be those two frames, both from PC2 (with source MAC address equal to PC2’s MAC address).

The long story short: None of the frames violate any port security rules, making answer E correct.

More Practice Questions:

This question is like those you get if when you buy the ICND1 100-101 Official Cert Guide. This blog also lists various practice questions as well. For more questions on a large variety of topics:


#CCENT and #CCNA Fast Start: a Port Security Question
#CCNA Fast Start: EIGRP
Notify of

Inline Feedbacks
View all comments
Contact Us

We're not around right now. But you can send us an email and we'll get back to you, asap.

Would love your thoughts, please comment.x