A network engineer is configuring port security on a Cisco switch. The requirement is to allow only the first MAC address that appears on the port to be learned and to automatically disable the port if a violation occurs. The engineer configures 'switchport port-security mac-address sticky' but does not specify a maximum number of secure MAC addresses. After connecting a single host, the port works. However, when the host is replaced with a different device, the port is error-disabled. What is the most likely reason?
Trap 1: The sticky keyword requires the engineer to first manually…
Incorrect because sticky can be used without specifying a maximum; the default maximum is 1.
Trap 2: The violation mode is set to 'restrict' by default, which causes…
Incorrect because the default violation mode is 'shutdown', not 'restrict'.
Trap 3: The port security aging type is set to 'absolute' by default,…
Incorrect because aging is not enabled by default and does not cause error-disable on a new MAC.
- A
The default maximum number of secure MAC addresses is 1, so the second MAC address triggers a violation.
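Correct because the default maximum is 1, and sticky learning does not change that. The first host's sticky address still occupies the single slot, so the replacement device's MAC is a violation, and the default 'shutdown' violation mode error-disables the port.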
- B
The sticky keyword requires the engineer to first manually configure a maximum number of MAC addresses.
Why wrong: Incorrect because sticky can be used without specifying a maximum; the default maximum is 1.
- C
The violation mode is set to 'restrict' by default, which causes the port to error-disable after one violation.
Why wrong: Incorrect because the default violation mode is 'shutdown', not 'restrict'.
- D
The port security aging type is set to 'absolute' by default, causing the sticky address to expire immediately.
Why wrong: Incorrect because aging is not enabled by default and does not cause error-disable on a new MAC.