题库Q136疑问
Q136What is valid reason for a switch to deny port access to new devices when port security is enabled?A. The denied MAC addresses have already been learned or configured on another secure interface in the same VLAN.
B. The denied MAC address are statically configured on the port.
C. The minimum MAC threshold has been reached.
D. The absolute aging times for the denied MAC addresses have expired.
题库里给B,但国外说是A外国人对Q136的解释:A security violation occurs in either of these situations:* When the maximum number of secure MAC addresses is reached on a secure port and the source MAC address of the ingress traffic is different from any of the identified secure MAC addresses, port security applies the configured violation mode.* If traffic with a secure MAC address that is configured or learned on one secure port attempts to access another secure port in the same VLAN, applies the configured violation mode.From the second statement we can figure out A is the correct answer. But for your information we will discuss other answers as well.Answer B is not correct because we can’t configured which MAC address will be denied. We can only configure which MAC is allowed.We can only configure the maximum MAC threshold, not the minimum threshold -> C is not correct.The aging times are only configured for allowed MAC addresses, not for denied MAC -> D is correct.
B、C、D 大体上还算了解,选项A与红字部分求解释,怎么翻都感觉不是很理解...
交换机的Port security是mac和端口绑定的 如果一个端口上已经存在了一个认可的mac地址,而这个地址又出现在同个vlan的另外个端口上,同样要被封。这就是红字的意思。记住mac和端口的绑定是同时存在且密切关联的缺一不可 {:6_265:}不错,又占了一个沙发!
页:
[1]