Which two restrictions of the port security feature are true?

Which two restrictions of the port security feature are true? (Choose two)
A. Static port MAC address assignments are not supported.
B. It is not supported on PVLAN ports.
C. It is not supported on EtherChannel port-channel interfaces.
D. A single device can learn a maximum of three sticky MAC addresses.
E. It is supported on destination SPAN ports.

5 thoughts on “Which two restrictions of the port security feature are true?”

  1. It is about defining a static MAC entry in the CAM table, not about port-security MAC addresses:
    SW23(config)#$mac address-table static aabb.ccdd.eeff vlan 20 interface gi0/1
    Cannot add static address on Gi0/1 because port security is enabled

  2. What do they mean by static MAC not supported? I can do
    switchport port-security mac-address ccc:aaaa:cccc, and this is a static MAC.
    Am I missing something here?

  3. “Follow these guidelines when configuring port security:
    • You cannot enable port security on dynamic access ports.
    • You cannot enable port security on EtherChannels.
    • A secure port cannot be a destination port for the Switch Port Analyzer (SPAN).
    • A secure port cannot belong to an EtherChannel port-channel interface.
    • A secure port and a static MAC address configuration for an interface are mutually exclusive.
    • When you enter a maximum secure address value for an interface, and the new value is greater than the previous value, the new value overwrites the previously configured value. If the new value is less than the previous value and the number of configured secure addresses on the interface exceeds the new value, the command is rejected.
    • While configuring trunk port security on a trunk port, you do not need to account for the protocol packets (like CDP and BPDU) because they are not learned and secured.
    • You cannot enable port security aging on sticky secure MAC addresses.
    • To restrict MAC spoofing using port security, you must enable 802.1X authentication.
    • You cannot configure port security on dynamic ports. You must change the mode to access before you enable port security.”

    https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/31sg/configuration/guide/conf/port_sec.pdf

  4. Trond. E? No way.
    E-> It is supported on destination SPAN ports.
    Explanation:
    A secure port cannot be a destination port for Switch Port Analyzer (SPAN).
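
The guidelines quoted in comment 3 can be checked mechanically against a saved switch configuration. The following is an added example, not code from the page or from Cisco: it flags interfaces where port security is enabled alongside an EtherChannel membership, a dynamic switchport mode, a SPAN destination role, or a static CAM entry (the command form shown in comment 1). The sample configuration is constructed, and `norm` and `audit` are hypothetical helper names.

```python
import re

# Constructed sample config (IOS-style); not taken from the page or a real device.
SAMPLE_CONFIG = """\
monitor session 1 destination interface Gi0/3
mac address-table static aabb.ccdd.eeff vlan 20 interface gi0/1
interface GigabitEthernet0/1
 switchport port-security
interface GigabitEthernet0/2
 switchport port-security
 channel-group 1 mode active
interface GigabitEthernet0/3
 switchport port-security
interface GigabitEthernet0/4
 switchport mode dynamic desirable
 switchport port-security
interface GigabitEthernet0/5
 switchport mode access
 switchport port-security
"""

def norm(name):  # 'GigabitEthernet0/1', 'Gi0/1' -> 'gi0/1'; 'Port-channel1' -> 'po1'
    m = re.match(r"([a-z]+)\s*([\d/.]+)$", name.replace("-", "").lower())
    return m.group(1)[:2] + m.group(2) if m else name.lower()

def audit(config):
    """Return sorted (interface, reason) pairs that conflict with the quoted guidelines."""
    blocks, current, refs = {}, None, {"monitor": set(), "mac": set()}
    for line in config.splitlines():
        text = line.strip()
        if not line.startswith(" "):  # a global-level line ends any interface block
            current = None
            if m := re.match(r"interface\s+(.+)", text):
                current = norm(m.group(1))
                blocks[current] = []
            elif m := re.match(r"(monitor session \d+ destination|mac address-table static \S+ vlan \d+) interface\s+(\S+)", text):
                refs[m.group(1).split()[0]].add(norm(m.group(2)))
        elif current:
            blocks[current].append(text)
    findings = []
    secured = {i: l for i, l in blocks.items() if "switchport port-security" in l}
    for ifname, lines in secured.items():
        checks = {
            "EtherChannel": ifname.startswith("po") or any(l.startswith("channel-group") for l in lines),
            "dynamic port": any(l.startswith("switchport mode dynamic") for l in lines),
            "SPAN destination": ifname in refs["monitor"],
            "static MAC entry": ifname in refs["mac"],
        }
        findings += [(ifname, why) for why, hit in checks.items() if hit]
    return sorted(findings)
```

On the constructed sample, `audit(SAMPLE_CONFIG)` reports Gi0/1 through Gi0/4, one per guideline, and leaves Gi0/5 unflagged.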
