Exam 200-301
Question 642

A port security violation has occurred on a switch port due to the maximum MAC address count being exceeded. Which command must be configured to increment the security-violation count and forward an SNMP trap?

    Correct Answer: C

    To increment the security-violation count and forward an SNMP trap on a switch port, the command 'switchport port-security violation restrict' should be configured. In the 'restrict' violation mode, packets with unauthorized MAC addresses are dropped, the SecurityViolation counter is incremented, and an SNMP trap notification is generated. Other modes such as 'protect' do not send SNMP traps, and 'shutdown' puts the interface into an error-disabled state, which is not specified in the question.
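An IOS configuration for the restrict mode described above, added here as an example; it is not taken from the exam or from Cisco's documentation. The interface name, the MAC limit of 1, the trap receiver address 192.0.2.10 and the community string are assumed placeholders.

```cisco
! Added example. Interface, limit, receiver and community are placeholders.
!
! Access port limited to one learned MAC address. Violating frames are
! dropped, the port stays up, and the violation counter increments.
interface GigabitEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 switchport port-security violation restrict
!
! The trap only leaves the switch if port-security traps are enabled and a
! receiver is defined. trap-rate 0 (the default) sends a trap for every
! violation; a non-zero value caps traps per second.
snmp-server enable traps port-security
snmp-server enable traps port-security trap-rate 0
snmp-server host 192.0.2.10 version 2c PLACEHOLDER-COMMUNITY
!
! Only relevant for ports left in the default "shutdown" mode: automatic
! recovery from the error-disabled state.
errdisable recovery cause psecure-violation
!
! Verification (exec mode). Check the "Violation Mode" and
! "Security Violation Count" fields, and confirm the port is not err-disabled.
! show port-security interface GigabitEthernet0/1
! show port-security
! show interfaces status err-disabled
```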

Discussion
highfivejohn (Option: C)

C is the best answer; had the question included the port being err-disabled, then D.

dave1992 (Option: C)

Protect - drops the packet with unknown src address until you remove a secure MAC address to drop below the max value. No trap is sent.
Restrict - same, but violation increments and TRAP sent to SNMP manager.
Shutdown - puts interface in error disabled and sends a trap to the manager.

sgashashf

When a port configured for "shutdown" experiences a violation, it sends a syslog message, sets the violation count to 1, then error disables. These questions are flat out wrong.

swampfartz (Option: C)

The question never states that they want the port shut down as well. Therefore the best answer is C.

DaBest (Option: C)

C is correct, only Restrict will send a syslog/SNMP by default

Chupacabro

"Regarding the two correct answers, a port in port security restrict does cause the switch to issue log messages for a violating frame, send SNMP traps about that same event (if SNMP is configured), and increment the counter of violating frames." - CCNA 200-301 Vol. 2 by W. Odom

So I assume that D is also an answer (only based on the book) as it also sends syslog and SNMP (if configured). But I guess it's a matter of specificity of perks unlocked, so also C for me.

AlvinSK0814 (Option: D)

Answer should be D

restrict—When the number of secure MAC addresses reaches the limit allowed on the port, packets with unknown source addresses are dropped until you remove a sufficient number of secure MAC addresses or increase the number of maximum allowable addresses. An SNMP trap is sent, a syslog message is logged, and the violation counter increments.

shutdown—The interface is error-disabled when a violation occurs, and the port LED turns off. An SNMP trap is sent, a syslog message is logged, and the violation counter increments.

RougePotatoe

The question didn't say anything about the port being shut down. What makes you so sure it's D?

creaguy (Option: D)

Directly from the pdf provided reference. When configuring port security violation modes, note the following information:
• protect—Drops packets with unknown source addresses until you remove a sufficient number of secure MAC addresses to drop below the maximum value.
• restrict—Drops packets with unknown source addresses until you remove a sufficient number of secure MAC addresses to drop below the maximum value and causes the SecurityViolation counter to increment.
• shutdown—Puts the interface into the error-disabled state immediately and sends an SNMP trap notification.

splashy

Copy pasted directly out of provided link:
• Restrict—A port security violation restricts data, causes the SecurityViolation counter to increment, and causes an SNMP Notification to be generated. The rate at which SNMP traps are generated can be controlled by the snmp-server enable traps port-security trap-rate command. The default value ("0") causes an SNMP trap to be generated for every security violation.
• Shutdown—A port security violation causes the interface to shut down immediately. When a secure port is in the error-disabled state, you can bring it out of this state by entering the errdisable recovery cause psecure-violation global configuration command or you can manually reenable it by entering the shutdown and no shut down interface configuration commands. This is the default mode.

yousrasebb (Option: C)

Here the key word is increment. In the violation mode shutdown the counter is set to 1, not incremented to 1, so for the violation mode restrict the counter is incremented by 1 for each unauthorized traffic.

SeMo0o0o (Option: C)

C is correct

[Removed] (Option: C)

C. switchport port-security violation restrict

"restrict" will increment the security-violation count and forward an SNMP trap