Exhibit
interface GigabitEthernet0/10
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 switchport port-security violation shutdown

Event: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC addresses ... on port Gi0/10.
Based on the exhibit, what is the strongest explanation for why Gi0/10 shut down after a hub was connected?
Answer choices
Why each option matters
Good practice is not just finding the correct option. The wrong answers often show the exact trap the exam wants you to fall into.
Best answer
Port security detected more MAC addresses than allowed on the interface.
This is correct because the configuration allows only one secure MAC and the violation message confirms the policy breach.
Distractor review
The interface received a superior BPDU and became the root port.
This is wrong because the event shown is a port-security violation, not an STP role change.
Distractor review
The hub forced the interface to become a routed port.
This is wrong because connecting a hub does not convert a switchport into a Layer 3 interface.
Distractor review
DHCP snooping always shuts a port when a hub is attached.
This is wrong because the specific event shown is from port security, not DHCP snooping.
Common exam trap
Common exam trap: answer the scenario, not the keyword
A common exam trap is confusing port security violations with Spanning Tree Protocol (STP) events or DHCP snooping actions. Candidates may incorrectly assume that receiving superior BPDUs or DHCP snooping triggers port shutdowns. However, the shutdown in this question is specifically due to port security detecting more MAC addresses than allowed on the interface. Misinterpreting the violation message or the cause of the port shutdown leads to selecting incorrect answers related to STP or DHCP snooping instead of port security.
Technical deep dive
How to think about this question
Port security is a Layer 2 feature used on Cisco switches to restrict the number of MAC addresses learned on a single switchport. It helps prevent unauthorized devices from connecting to the network by limiting the number of secure MAC addresses allowed. When the number of MAC addresses exceeds the configured maximum, the switch triggers a violation action, which can include shutting down the port (err-disable), dropping packets, or generating alerts.

In this scenario, the interface Gi0/10 is configured to allow only one secure MAC address. Connecting a hub to this port causes multiple devices to share the same physical interface, resulting in multiple MAC addresses appearing on Gi0/10. Since this exceeds the configured limit, the port security violation triggers the shutdown of the interface to enforce the security policy and prevent unauthorized access or MAC flooding.

The exam trap here is confusing port security violations with other Layer 2 protocols or features such as Spanning Tree Protocol (STP) or DHCP snooping. The shutdown is not caused by STP role changes or DHCP snooping but specifically by port security detecting more MAC addresses than allowed. Practically, this behavior protects the network by disabling ports that violate security policies, which is critical for access layer security in Cisco networks.
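The behaviour described above, as an added Python illustration that is not part of the original page or any Cisco tooling: a simplified model of port-security MAC learning that replays two hosts behind a hub on Gi0/10. The class and function names, the sample MAC addresses, and the restrict/protect handling (the standard IOS violation modes besides the exhibit's shutdown) are assumptions of this example.

```python
from dataclasses import dataclass, field

@dataclass
class SecurePort:
    """Toy model of one access port with 'switchport port-security' enabled."""
    name: str
    maximum: int = 1               # switchport port-security maximum <n>
    violation: str = "shutdown"    # shutdown | restrict | protect
    secure_macs: set = field(default_factory=set)
    err_disabled: bool = False
    violation_count: int = 0
    log: list = field(default_factory=list)

    def receive(self, src_mac: str) -> bool:
        """Handle one ingress frame; return True if the switch forwards it."""
        if self.err_disabled:
            return False                       # port stays down until recovered
        if src_mac in self.secure_macs:
            return True                        # already a secure MAC
        if len(self.secure_macs) < self.maximum:
            self.secure_macs.add(src_mac)      # learn while under the limit
            return True
        if self.violation == "protect":
            return False                       # silent drop, nothing logged
        self.violation_count += 1              # restrict and shutdown count and log
        self.log.append("%PORT_SECURITY-2-PSECURE_VIOLATION: Security violation "
                        f"occurred, caused by MAC address {src_mac} on port {self.name}.")
        if self.violation == "shutdown":
            self.err_disabled = True           # the exhibit's behaviour: err-disable
        return False

    def recover(self) -> None:
        """Model 'shutdown' / 'no shutdown' or timed err-disable recovery."""
        self.err_disabled = False
        self.secure_macs.clear()               # dynamic secure MACs are relearned


# Constructed sample MACs (documentation range) for two PCs behind one hub.
PC_A, PC_B = "0000.5e00.5301", "0000.5e00.5302"

def hub_scenario(mode: str):
    """Replay frames from A, B, A through Gi0/10; return (forwarded flags, port)."""
    port = SecurePort("Gi0/10", maximum=1, violation=mode)
    return [port.receive(m) for m in (PC_A, PC_B, PC_A)], port

if __name__ == "__main__":
    for mode in ("shutdown", "restrict", "protect"):
        flags, port = hub_scenario(mode)
        print(mode, flags, "err-disabled" if port.err_disabled else "up", port.violation_count)
```

Recovering the port while the hub is still attached only repeats the cycle: the first host to send is learned and the second one trips the violation again.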
Key Concepts to Remember
- Port security on Cisco switches restricts the number of MAC addresses learned on a single interface to prevent unauthorized access.
- When the number of MAC addresses exceeds the configured maximum on a port, port security triggers a violation action such as shutting down the interface.
- Connecting a hub to a switchport configured with a single secure MAC address causes multiple MAC addresses to appear, triggering a port security violation.
- Port security violation actions include err-disable shutdown, which disables the port until manually re-enabled or automatically recovered.
- Spanning Tree Protocol (STP) role changes do not cause port shutdowns related to port security violations.
- DHCP snooping violations are distinct from port security violations and do not automatically shut down a port when a hub is connected.
- Port security enforces Layer 2 access control by limiting MAC addresses, protecting the network from MAC flooding and unauthorized devices.
- The err-disable state caused by port security violations requires administrative intervention or configured recovery to restore port functionality.
Exam Day Tips
- Watch for words such as best, first, most likely and least administrative effort.
- Review why wrong options are wrong, not only why the correct option is correct.
FAQ
Questions learners often ask
What does this 200-301 question test?
Port security on Cisco switches restricts the number of MAC addresses learned on a single interface to prevent unauthorized access.
What is the correct answer to this question?
The correct answer is: Port security detected more MAC addresses than allowed on the interface. — The strongest explanation is a port-security violation caused by the switch seeing more secure MAC addresses than the interface allows. In practical terms, a hub or unmanaged device can cause multiple end hosts to appear behind one access port. If the interface is configured with a maximum of one secure MAC address, additional learned MACs trigger the violation action. This is a realistic access-layer security scenario because the port does not fail randomly. It fails because the observed behavior violates the configured policy.
What should I do if I get this 200-301 question wrong?
Then try more questions from the same exam bank and focus on understanding why the wrong options are tempting.