Mod 11: Switch Security Configuration

30 Terms

1

What ports can port security be enabled on?

Manually configured access and trunk ports

2

What command do you use to enable port security?

switchport port-security

3

What command do you use to show the port security status for a specific interface?

show port-security interface int

4

What command do you use to set the max amount of MAC addresses allowed on a port?

switchport port-security maximum num

5

What is the maximum number of MAC addresses a port can allow?

8192

6

What command do you use to set a static MAC address on a port?

switchport port-security mac-address mac

7

What command do you use to make dynamically learned MAC addresses stay in the configuration?

switchport port-security mac-address sticky

8

What command do you use to show learned MAC addresses and the ports they are on?

show port-security address

9

What are the types of aging with port security?

Absolute, inactivity

10

What is the difference between absolute and inactive aging?

Absolute removes MAC addresses after a specified amount of time; inactive removes MAC addresses after they are inactive for a set amount of time

11

What command do you use to set the aging time?

switchport port-security aging static time time

12

What command do you use to set the type of aging?

switchport port-security aging type absolute/inactivity

13

What command do you use to set the port security violation mode?

switchport port-security violation protect/restrict/shutdown

14

What must you do to an err-disabled port before enabling it?

Use the shutdown command

15

What command do you use to show port security settings for all ports?

show port-security

16

What is DHCP snooping?

Determines if DHCP messages are from a trusted or untrusted source

17

What interfaces are untrusted by default?

Access ports

18

What are typically trusted interfaces?

Trunks, configured interfaces

19

What command do you use to enable DHCP snooping?

ip dhcp snooping

20

What command do you use on an interface you want to configure as a trusted DHCP interface?

ip dhcp snooping trust

21

What command do you use to limit the amount of DHCP discover messages a server can receive per second?

ip dhcp snooping limit rate 

22

What command do you use to show DHCP snooping status?

show ip dhcp snooping

23

What command do you use to enable DAI on a VLAN?

ip arp inspection vlan id

24

What command do you use to trust an interface for DAI?

ip arp inspection trust

25

What command do you use to customize what DAI uses to drop ARP packets?

ip arp inspection validate src-mac/dst-mac/ip

26

What command do you use to enable PortFast on an interface?

spanning-tree portfast

27

What command do you use to enable PortFast globally on all access ports?

spanning-tree portfast default

28

What command do you use to re-enable a BPDU Guard enabled port?

errdisable recovery cause bpduguard

29

What command do you use to enable BPDU Guard on an interface?

spanning-tree bpduguard enable

30

What command do you use to enable BPDU Guard globally on all PortFast enabled interfaces?

spanning-tree portfast bpduguard default