A network administrator applies port security to a port with the send-alarm action. What does the switch do if it detects traffic from an unauthorized MAC address on the port?
A. It disables the port, but sends no SNMP trap.
B. It forwards the traffic, and it logs an event.
C. It blocks the traffic, but sends no SNMP trap.
D. It blocks the traffic, and it sends an SNMP trap.
by default if port security is violated without a specified action it just blocks traffic. so if an action is added to send alarm then it blocks and sends snmp traps.
Answer is D.
The correct answer is D, Learner Guide, Module 16, page 384
Port security actions
The port security feature automatically blocks traffic from devices whose MAC
addresses aren’t on the port’s authorized list. In addition to this action, you can
configure how the port should notify you when it detects an unauthorized device.
Actions include:
none—Prevents port security from sending an SNMP trap. This is the default value, so
if you do not use the action parameter to send an alarm or send an alarm and disable
the port, the port does nothing more than block traffic from the intruder.
send-alarm—Causes the switch to send an SNMP trap to a network management
station.
send-disable—Sets an intrusion flag, sends an alarm to a network management
station, and disables the port. If you reenable the port you should also use the clearintrusion-
flag command to remove the intrusion flag. Otherwise, the switch will not
disable the port again if it detects the same or a different unauthorized MAC address.
Send-alarm does not block the traffic, but logs an event on the switch/send an SNMP trap to the NMS.