A network engineer is configuring port security on a Cisco switch to prevent unauthorized devices from connecting. The requirement is to allow only the first two MAC addresses learned on an interface, and to disable the interface if a violation occurs. Which configuration achieves this?
Trap 1: switchport port-security maximum 2 switchport port-security…
Err-disable is not a valid violation mode; the valid mode is shutdown, which places the interface in the err-disabled state.
Trap 2: switchport port-security maximum 2 switchport port-security…
Protect drops traffic silently but does not disable the interface.
Trap 3: switchport port-security maximum 2 switchport port-security…
Restrict does not disable the interface; it drops traffic and logs the violation.
- A
switchport port-security maximum 2
switchport port-security violation err-disable
Why wrong: Err-disable is not a valid violation mode; the valid mode is shutdown, which places the interface in the err-disabled state.
- B
switchport port-security maximum 2
switchport port-security violation shutdown
Correct: sets the maximum to 2, and violation shutdown disables the interface.
- C
switchport port-security maximum 2
switchport port-security violation protect
Why wrong: Protect drops traffic silently but does not disable the interface.
- D
switchport port-security maximum 2
switchport port-security violation restrict
Why wrong: Restrict does not disable the interface; it drops traffic and logs the violation.