A.SWEzonexam1(config-if)# switchport port-security maximum 1
B.SWEzonexam1(config)# mac-address-table secure
C.SWEzonexam1(config)# access-list 10 permit ip host
D.SWEzonexam1(config-if)# switchport port-security violation shutdown
E.SWEzonexam1(config-if)# ip access-group 10
参考答案
正确答案:AD
解析:ExplanationCatalystswitchesoffertheportsecurityfeaturetocontrolportaccessbasedonMACaddresses.Toconfigureportsecurityonanaccesslayerswitchport,beginbyenablingitwiththefollowinginterfaceconfigurationcommand:Switch(config-if)#switchportport-securityNext,youmustidentifyasetofallowedMACaddressessothattheportcangrantthemaccess.Youcanexplicitlyconfigureaddressesortheycanbedynamicallylearnedfromporttraffic.Oneachinterfacethatusesportsecurity,specifythemaximumnumberofMACaddressesthatwillbeallowedaccessusingthefollowinginterfaceconfigurationcommand:Switch(config-if)#switchportport-securitymaximummax-addrFinally,youmustdefinehoweachinterfaceusingportsecurityshouldreactifaMACaddressisinviolationbyusingthefollowinginterfaceconfigurationcommand:Switch(config-if)#switchportport-securityviolation{shutdown|restrict|protect}AviolationoccursifmorethanthemaximumnumberofMACaddressesarelearned,orifanunknown(notstaticallydefined)MACaddressattemptstotransmitontheport.Theswitchporttakesoneofthefollowingconfiguredactionswhenaviolationisdetected:shutdown-Theportisimmediatelyputintotheerrdisablestate,whicheffectivelyshutsitdown.Itmustbere-enabledmanuallyorthrougherrdisablerecoverytobeusedagain.restrict-Theportisallowedtostayup,butallpacketsfromviolatingMACaddressesaredropped.TheswitchkeepsarunningcountofthenumberofviolatingpacketsandcansendanSNMPtrapandasyslogmessageasanalertoftheviolation.protect-Theportisallowedtostayup,asintherestrictmode.Althoughpacketsfromviolatingaddressesaredropped,norecordoftheviolationiskept.