
Port Security

August 29th, 2017 in SWITCH 300-115

Question 1

Explanation

The “sticky” keyword in the switchport port-security mac-address sticky command converts all the dynamic secure MAC addresses, including those that were dynamically learned before sticky learning was enabled, to sticky secure MAC addresses and adds them to the running configuration.

(Reference: http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_44_se/configuration/guide/swtrafc.html)

Question 2

Explanation

Port security can be enabled on both access and static trunk ports. An example of configuring port security on a static trunk port is shown below:

Switch(config)# interface fastethernet 0/1
Switch(config-if)# switchport
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport port-security

We cannot configure port security on a dynamic interface. For example, we will see an error when we try it:

Switch(config)# interface fastethernet 0/1
Switch(config-if)# switchport
Switch(config-if)# switchport mode dynamic desirable
Switch(config-if)# switchport port-security
Command rejected: FastEthernet0/1 is a dynamic port.

Question 3

Explanation

When a port security violation is detected, the switch automatically places the port in the “err-disabled” shutdown state. The “errdisable recovery cause psecure-violation” command brings a secure port out of error-disabled state.

Note: There is a similar command: “errdisable recovery cause security-violation” but it recovers a port from 802.1x violation disable state.

Question 4

Explanation

When a port security violation is detected, the switch automatically places the port in the “err-disabled” shutdown state.

Question 5

Explanation

If any one of the errdisable recovery conditions is enabled, the ports with this condition are reenabled after 300 seconds. You can also change this default of 300 seconds if you issue this command:

Switch(config)# errdisable recovery interval timer_interval_in_seconds

Question 6

Explanation

A sticky MAC address can be learned automatically or configured manually. When it is dynamically learned, the MAC address is automatically entered into the running configuration as a static MAC address; the address is then kept in the running configuration until a reboot. On reboot, the MAC address will be lost; if we want to keep the MAC address after a reboot, we need to save the running config (with the command copy running-config startup-config).

To turn on the sticky feature on a switch, use the switchport port-security mac-address sticky command. When you enter this command, the interface converts all the dynamic secure MAC addresses, including those that were dynamically learned before sticky learning was enabled, to sticky MAC addresses.
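The explanations for Questions 3, 5 and 6 can be checked against a saved copy of a switch's configuration. The script below is an added example, not part of the original page: it reports sticky secure MAC addresses that exist only in the running configuration (and would be lost on reboot) and whether automatic err-disable recovery for port-security violations is enabled, with its interval. The configuration text is constructed sample data and the function names are hypothetical.

```python
import re

# Constructed sample running-config (not from the original page).
RUNNING = """\
errdisable recovery cause psecure-violation
errdisable recovery interval 120
!
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0011.2233.4455
 switchport port-security mac-address sticky 0011.2233.4466
!
interface FastEthernet0/2
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 00aa.bbcc.dd01
"""
# Constructed startup-config: saved before 0011.2233.4466 was learned, no errdisable lines.
STARTUP = "\n".join(l for l in RUNNING.splitlines()
                    if "4466" not in l and not l.startswith("errdisable")) + "\n"

STICKY = re.compile(r"^ switchport port-security mac-address sticky ((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})", re.I)

def sticky_macs(config):
    """Map each interface to the sticky secure MACs listed under it."""
    found, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
        elif not line.startswith(" "):
            current = None          # stanza ended ('!' or a global command)
        elif current and (m := STICKY.match(line)):
            found.setdefault(current, set()).add(m.group(1).lower())
    return found

def unsaved_sticky(running, startup):
    """Sticky MACs present only in running-config, i.e. lost on the next reboot."""
    saved = sticky_macs(startup)
    diff = {i: sorted(m - saved.get(i, set())) for i, m in sticky_macs(running).items()}
    return {i: macs for i, macs in diff.items() if macs}

def psecure_recovery(config):
    """Return (auto_recovery_enabled, interval_seconds); 300 s is the default."""
    enabled = re.search(r"^errdisable recovery cause (psecure-violation|all)\s*$", config, re.M)
    timer = re.search(r"^errdisable recovery interval (\d+)\s*$", config, re.M)
    return enabled is not None, int(timer.group(1)) if timer else 300
```

Any interface returned by `unsaved_sticky` needs a copy running-config startup-config before the next reload if its learned addresses are to survive.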

Question 7

Question 8

Question 9

Question 10

Comments
  1. Abdul Aziz
    April 13th, 2015

    Should I study the 300-115 tut with the 642-813 tut, or only 300-115?
    It's very few.

  2. Arjen
    April 21st, 2015

    I'm doing both. I think only the 300-115 questions are too few…

  3. khan
    May 17th, 2015

    Next week I am going for CCNP SWITCH; are these questions valid now?

  4. Paulo_Moura
    June 23rd, 2015

    Q3
    Would the answer not be A? It is asked what command re-enables the user ports. The command that re-enables ports independent of the type of violation is “errdisable recovery interval”.

  5. Breeze
    July 20th, 2015

    @Paulo_Moura
    errdisable recovery interval only sets the interval for recovery, but it doesn’t actually re-enable the port.

  6. asaad
    July 29th, 2015

    Why is there no question, just an explanation?

  7. asaad
    July 29th, 2015

    Why is there no question?

  8. Jack
    July 29th, 2015

    @asaad – Thanks to Cisco :|

  9. Simo
    August 7th, 2015

    There are no questions!!!

  10. simo
    August 10th, 2015

    Does anyone have the answer?
    Thank you in advance…

  11. lik
    August 16th, 2015

    Q4
    Which option is a possible cause for an errdisabled interface?
    A. routing loop
    B. cable unplugged
    C. STP loop guard
    D. security violation
    Answer: D
    Why not B? UDLD aggressive will put the port in errdisabled in some states,
    or “C” STP loop. I saw this error:
    https://supportforums.cisco.com/discussion/10135536/spantree-2-chnmiscfg-stp-loop

  12. Jam
    August 24th, 2015

    Please send me a link where I can download the latest VCE file for CCNP SWITCH, and if you can, also tell me where I can download a VCE reader for Windows PC and Android.

  13. certprepare
    August 29th, 2015

    Because of copyright issues, certprepare had to remove all questions and answers. You can download them at http://www.mediafire.com/view/9mq20kx0mgam6k7/SWITCH_July_2015.pdf

  14. olga
    January 5th, 2016

    Hi..a nice example is also here for port security…
    http://ipcisco.com/switch-port-security-part-2-packet-tracer-port-security-configuration-example/
    Check also part 1 as a summary..

  15. CCNP
    March 22nd, 2016

    Q1) … or manually configured… Sticky is NOT manually configured. If you want to manually configure a mac address on a port you do NOT use “sticky”:

    IOU1(config-if)#sw port-security mac-address ?
    H.H.H 48 bit mac address
    sticky Configure dynamic secure addresses as sticky

    That is an either/or, not a both.

  16. FustratedCCNPLoser
    March 26th, 2016

    My exam was taken on 3/25/2016 as I ended up with a humiliating 643/1000. All my study material was from the CiscoPress eBook (300-115), CBT Nuggets, VCE dumps (191q) and Certprep (SWITCH_JULY_2015). I put in 6-7 study hours a day for nearly a month to pass 300-115 with extreme confidence, but I was shot down when I was roasted by the exam. The latest dumps from this site only covered about 25% of the questions given, but all the Lab Sim simulations were correct as I had LACP with STP / HSRP / AAA. I was easily able to finish the lab sims on the exam with success but fell way short when it came to the questions with educated guesses. I would like to know if anyone can help me out to receive the latest dumps soon. Thanks. c_brotha @ yahoo.com

  17. CLI
    July 4th, 2016

    Q1: Sticky secure MAC addresses—These can be dynamically learned or manually configured, stored in the address table, and added to the running configuration.
    http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3560/software/release/12-2_44_se/configuration/guide/scg/swtrafc.html#wp1038501

  18. joghee
    September 4th, 2016

    I am confused about Question number 6. Can someone please explain this?

    The answer here is that the address is retained after reboot. The explanation mentions that when configured it stays in running config. I thought information in running config gets erased upon reboot. If that is the case then the answer here is not correct. Am I right?

  19. asslover
    September 7th, 2016

    Q1 is completely wrong.
    Those MAC addresses are called: secure MAC addresses.
    So the right answer is D, not A.

    http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/port_sec.html

  20. QnA
    September 11th, 2016

    @joghee Read the question bro, there is written copy run start is used also.

  21. Anonymous
    September 22nd, 2016

    Q1 is correct; the answer is A.

    You can configure MAC addresses to be sticky. These can be dynamically learned or manually configured, stored in the address table, and added to the running configuration. If these addresses are saved in the configuration file, the interface does not need to dynamically relearn them when the switch restarts. Although sticky secure addresses can be manually configured, it is not recommended.

    http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/25ew/configuration/guide/conf/port_sec.html

  22. BaBu
    November 22nd, 2016

    What is the demand of the international job market between networking and programming?

  23. Neo
    December 12th, 2016

    300-115 (10 Dec 2016) Score 895
    HSRP Lab Sim
    LACP with STP Sim
    AAAdot1x Lab Sim
    Drag and Drop
    CertPrep 100% valid
    Resources: Official Cert Guide, Foundation Learning Guide, INE Switching training.

  24. Majd
    December 12th, 2016

    Q2 does not look correct, as I found on the Cisco website:

    A trunk can’t be a secure port! Please help to explain that.

    Follow these guidelines when configuring port security:

    •A secure port cannot be a trunk port.

    •A secure port cannot be a destination port for Switch Port Analyzer (SPAN).

    •A secure port cannot belong to an EtherChannel port-channel interface.

    •A secure port and static MAC address configuration are mutually exclusive.

    http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/25ew/configuration/guide/conf/port_sec.html

  25. bisaya
    December 20th, 2016

    Is this site valid?

  26. Want it ?
    January 14th, 2017

    want 191q and a bunch of additional info
    paypal to – ciscoted at techie dot com

    Paypal is greedy so I am asking for $12.00 USD -since they take a few dollars for their site

  27. sos
    March 19th, 2017

    Does anyone have the latest dump for 300-115?

  28. Anonymous
    May 26th, 2017

    Had another question relating to the frame size of 802.1Q in my exam that looks similar, but is not listed here. Be careful and read this question carefully….

    Which option is the maximum frame size of an 802.1Q frame?
    A. 64 bytes
    B. 68 bytes
    C. 1518 bytes
    D. 1522 bytes **

    Answer: D (maximum)

    In the recent dumps, it’s similar to the one above, except it says minimum:

    Which option is the minimum frame size of an 802.1Q frame?
    A. 64 bytes
    B. 68 bytes **
    C. 1518 bytes
    D. 1522 bytes

    Answer: B (minimum)

  29. BoZZ
    September 2nd, 2017

    Q1 should be D. Dynamically learned MACs are made sticky so that they are saved to running-config and can be saved with “copy run start”. Static MACs are already in running-config – so why will you need sticky? Static MACs can’t be sticky.

  30. QUESTIONS?????
    October 3rd, 2017

    Where are the questions?????
