The network security policy for Ezonexam requi
问题详情
The network security policy for Ezonexam requires that only one host be permitted to attach dynamically to each switch interface. If that policy is violated, the interface should be automatically disabled. Which two commands must the Ezonexam network administrator configure on the 2950 Catalyst switch to meet this policy? (Choose two)
A.SWEzonexam1(config-if)# switchport port-security maximum 1
B.SWEzonexam1(config)# mac-address-table secure
C.SWEzonexam1(config)# access-list 10 permit ip host
D.SWEzonexam1(config-if)# switchport port-security violation shutdown
E.SWEzonexam1(config-if)# ip access-group 10此题为多项选择题。请帮忙给出正确答案和分析,谢谢!
参考答案
正确答案:AD
解析:ExplanationCatalystswitchesoffertheportsecurityfeaturetocontrolportaccessbasedonMACaddresses.Toconfigureportsecurityonanaccesslayerswitchport,beginbyenablingitwiththefollowinginterfaceconfigurationcommand:Switch(config-if)#switchportport-securityNext,youmustidentifyasetofallowedMACaddressessothattheportcangrantthemaccess.Youcanexplicitlyconfigureaddressesortheycanbedynamicallylearnedfromporttraffic.Oneachinterfacethatusesportsecurity,specifythemaximumnumberofMACaddressesthatwillbeallowedaccessusingthefollowinginterfaceconfigurationcommand:Switch(config-if)#switchportport-securitymaximummax-addrFinally,youmustdefinehoweachinterfaceusingportsecurityshouldreactifaMACaddressisinviolationbyusingthefollowinginterfaceconfigurationcommand:Switch(config-if)#switchportport-securityviolation{shutdown|restrict|protect}AviolationoccursifmorethanthemaximumnumberofMACaddressesarelearned,orifanunknown(notstaticallydefined)MACaddressattemptstotransmitontheport.Theswitchporttakesoneofthefollowingconfiguredactionswhenaviolationisdetected:shutdown-Theportisimmediatelyputintotheerrdisablestate,whicheffectivelyshutsitdown.Itmustbere-enabledmanuallyorthrougherrdisablerecoverytobeusedagain.restrict-Theportisallowedtostayup,butallpacketsfromviolatingMACaddressesaredropped.TheswitchkeepsarunningcountofthenumberofviolatingpacketsandcansendanSNMPtrapandasyslogmessageasanalertoftheviolation.protect-Theportisallowedtostayup,asintherestrictmode.Althoughpacketsfromviolatingaddressesaredropped,norecordoftheviolationiskept.
