Exam 200-301 topic 1 question 1290 discussion

C is correct

Based on Cisco documentation, the port-security violation mode that drops traffic from unknown MAC addresses and sends an SNMP trap is: C. restrict The "restrict" mode limits the number of valid MAC addresses that can be learned on a port. If the number of addresses reaches the limit, packets from additional source addresses are dropped, and an SNMP trap is sent to notify network administrators of the security violation. For reference, the "shutdown" mode also sends an SNMP trap, but it has the added reaction of shutting down the port, making it nonoperational until it is manually re-enabled or the switch is restarted. The "protect" mode simply drops packets with unknown source MAC addresses without sending an SNMP trap. The "shutdown VLAN" is not a standard port security violation mode in Cisco devices. The official documentation for this is available on the Cisco website under the configuration guides for Cisco IOS and specific switch models, under the section for configuring port security.

Violation Mode Forwards Traffic Sends Syslog Message Displays Error Message Increases Violation Counter Shuts Down Port Protect No No No No No Restrict No Yes No Yes No Shutdown No No Yes Yes Yes

C. restrict Explanation: In port-security on a Cisco switch, there are three violation modes: shutdown, protect, and restrict. Shutdown: This mode will put the interface into an error-disabled state if a security violation occurs, effectively shutting down the port. Protect: In this mode, the switch drops traffic from unknown MAC addresses but does not send any SNMP trap. Restrict: This mode drops traffic from unknown MAC addresses and generates an SNMP trap. Therefore, the correct answer is "C. restrict" because it both drops traffic from unknown MAC addresses and forwards an SNMP trap.