A security auditor discovers that several unused switch ports are in default configuration. The auditor recommends implementing a security measure that will disable the port if an unauthorized device is connected, and then automatically re-enable the port after a specified time period. Which feature should be configured on the switch ports?
Port security shutdown disables the port on violation, and errdisable recovery allows automatic re-enablement after a configured time.
Why this answer
Port security with violation mode 'shutdown' disables the port when an unauthorized device is detected, and the errdisable recovery interval automatically re-enables the port after a specified time period. This directly matches the auditor's requirement to disable on unauthorized connection and auto-re-enable after a timeout.
Exam trap
Cisco often tests the distinction between port security's 'shutdown' violation mode (which triggers errdisable) and 'restrict' or 'protect' modes (which do not disable the port), leading candidates to incorrectly assume any port security mode meets the requirement for automatic re-enablement.
How to eliminate wrong answers
Option A is wrong because 802.1X with RADIUS authentication and guest VLAN controls network access at Layer 2 using authentication, but it does not disable the port or provide automatic re-enablement after a timeout; it either grants or denies access based on credentials. Option C is wrong because DHCP snooping and dynamic ARP inspection are security features that prevent DHCP spoofing and ARP poisoning, but they do not disable switch ports upon unauthorized device connection or include an errdisable recovery mechanism. Option D is wrong because storm control and broadcast suppression limit excessive broadcast, multicast, or unknown unicast traffic to prevent network storms, but they do not disable ports based on unauthorized device detection or provide automatic re-enablement.
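A concrete Cisco IOS configuration for the correct answer and the exam-trap note above, added here as an illustration and not part of the original question set; the interface name, VLAN, secure MAC address and recovery interval are assumed values:

```cisco
! Added example, not from the original question set. GigabitEthernet0/5,
! VLAN 10, the secure MAC 0011.2233.4455 and the 300-second interval are
! placeholder values chosen for illustration.
!
! BEFORE: an unused port left in default configuration. Port security is
! off, so any device that is plugged in gets link and is switched normally.
interface GigabitEthernet0/5
 switchport mode access
 switchport access vlan 10
!
! AFTER: port security with the 'shutdown' violation mode. Only the
! pre-provisioned MAC is allowed; any other device is a violation, and the
! port is placed in err-disabled state (link down, no traffic).
interface GigabitEthernet0/5
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address 0011.2233.4455
 switchport port-security violation shutdown
!
! Exam trap: 'violation restrict' and 'violation protect' drop the offending
! frames but leave the port up, so neither ever reaches err-disabled state
! and errdisable recovery has nothing to recover.
!
! Global part: recover ports err-disabled by a port-security violation
! automatically. The interval is shared by every enabled recovery cause.
! If the unauthorized device is still attached when the port comes back,
! it violates again and is shut down again after the next interval.
errdisable recovery cause psecure-violation
errdisable recovery interval 300
```

Verify the result with `show port-security interface GigabitEthernet0/5` (violation mode, secure MAC and port status) and `show errdisable recovery` (enabled causes, timer interval and any interfaces currently waiting for recovery).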