ExamTopics Logo
Mail Us[email protected]
Menu
Cisco Discussions
exam questions

Exam 300-115 All Questions

View all questions & answers for the 300-115 exam
Go to Exam

Exam 300-115 topic 2 question 29 discussion

Actual exam question from Cisco's 300-115
Question #: 29
Topic #: 2
[All 300-115 Questions]

On which interface can port security be configured?

  • A. static trunk ports
  • B. destination port for SPAN
  • C. EtherChannel port group
  • D. dynamic access ports
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
Port Security and Port Types -
You can configure port security only on Layer 2 interfaces. Details about port security and different types of interfaces or ports are as follows:
✑ Access ports You can configure port security on interfaces that you have configured as Layer 2 access ports. On an access port, port security applies only to the access VLAN.
✑ Trunk ports You can configure port security on interfaces that you have configured as Layer 2 trunk ports. VLAN maximums are not useful for access ports.
The device allows VLAN maximums only for VLANs associated with the trunk port.
✑ SPAN ports You can configure port security on SPAN source ports but not on SPAN destination ports.
✑ Ethernet Port Channels Port security is not supported on Ethernet port channels.
Reference: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/4_1/nx-os/security/configuration/guide/sec_nx-os-cfg/sec_portsec.html
These are some other guidelines for configuring port security:
Port security can only be configured on static access ports. A secure port cannot be a dynamic access port or a trunk port. A secure port cannot be a destination port for Switch Port Analyzer (SPAN). A secure port cannot belong to an EtherChannel port group. A secure port cannot be an 802.1X port. You cannot configure static secure MAC addresses in the voice VLAN.
Reference: https://supportforums.cisco.com/t5/network-infrastructure-documents/unable-to-configure-port-security-on-a-catalyst-2940-2950-2955/ta-p/3133064
by Henry117 at June 15, 2019, 6:39 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Bastex
5 years, 7 months ago
"Port security cannot be enabled on dynamic access ports." "Trunk port security extends port security to trunk ports. It restricts the allowed MAC addresses or the maximum number of MAC addresses to individual VLANs on a trunk port. Trunk port security enables service providers to block the access from a station with a different MAC address than the ones specified for that VLAN on that trunk port. When a trunk port security violation occurs, the trunk port is shut down and an SNMP trap may be generated. Trunk port security is also supported on private VLAN trunk ports." https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/25sg/configuration/guide/conf/port_sec.html
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel