Home > Ticket 7 – Port Security

Ticket 7 – Port Security

April 30th, 2018 in TSHOOT v2 Go to comments

Client 1 is unable to ping Client 2 as well as DSW1. The command ‘sh interfaces fa1/0/1′ will show following message in the first line
‘FastEthernet1/0/1 is down, line protocol is down (err-disabled)’

On ASW1 port-security mac 0000.0000.0001, interface in err-disable state

Configuration of ASW1
interface fa1/0/1
 switchport access vlan 10
 switchport mode access
 switchport port-security
 switchport port-security mac-address 0000.0000.0001

 

Answer: on ASW1 delele port-security & do on interfaces shutdown, no shutdown

Ans1) ASW1
Ans2) Port security
Ans3) In Configuration mode, using the interface range Fa1/0/1 – 2, then no switchport port-security, followed by shutdown, no shutdown interface configuration commands.

Comments (21) Comments
Comment pages
1 5 6 7 22
  1. Adventure life
    January 17th, 2018

    I passed exam yesterday with the score 958/1000.
    9tut cleared lots of doubt.

  2. Abc
    January 19th, 2018

    Congratulations @Adventure life

  3. Please don’t use real name.
    January 30th, 2018

    got this question in 30th january exam.

  4. chuposeupau
    February 1st, 2018

    Este ticket voltou

  5. chuposeupau
    February 1st, 2018

    fiz a prova hoje e este ticket de port-security estava lá

  6. p9p9
    February 16th, 2018

    Can anyone clarify the correct answer for this Q? Should I simply disable port-security (plus shut/no shut) or should I enter the correct port-security config using the right MAC addresses of Client 1 and 2?

  7. colonel.exe
    February 17th, 2018

    Default setting means 1 MAC address is allowed to connect. If you remove the configured address ending .0001, you free up that space. By shutting & unshutting the interface it will then dynamically learn the MAC address of the connected client.
    You can configure the MAC address like you mention, but it’s not necessary.

  8. The_Boss
    February 19th, 2018

    Which commands will work here?

    From DSW1 can ypu do a sh run.

  9. p9p9
    February 19th, 2018

    @colonel.exe — yah, i agree. But the suggested answer is “no switchport security” which will disable port security altogether on Fa1/0/1.

    Your answer makes way more sense.

    could you confirm whether port security has to be disabled or just to delete the mac address configured in this ticket?

  10. NickMenza
    April 10th, 2018

    Does the command “show port-security interface fa1/0/1” works in exam sim?

  11. 46598dasd
    May 14th, 2018

    2018 Latest Update CCNP Dumps 300-135 100% Valid
    stumbleupon.com/su/1xowyV

  12. anonymous
    May 25th, 2018

    1. sim 2 : I had both bgp and hsrp, no issues
    2. 11 tickets
    * all good except 2
    * Ticket 6 : no vlan filter option was not available on dsw1, it was on ASW1, strange. I think I got it wrong
    * Ticket 4 : ip nat outside or inside all looked good. client was not able to ping the server but R1,2,3,4 all were able to ping to the server.
    3. MCQ all new
    – IPv6 ACLs (pick 2): standard, extended, name, tag..
    – TIme based ALCs (requirement pick 2) : standard, extended, time source from router, NTP sync and so on
    – GRE tunnel IPv6 over IPv4 (pick 2) : SRC must be IPv4, IPv6 over IPv4 .. I do not remember much
    – uRPF (it was not the same as the ones I’ve seen here)
    – to avoid fragmentation via gre tunnel, 3 command lines in order (choices were like ip mtu 1400, gre mtu discovery, mss..).
    – GRE tunnel is up but the server or host cannot pass through traffic what are the 2 things need to be fixed (move R1 to global routing, put R3 on vrf, run hearbeat on gre tunnel, and so on)
    – ping and traceroute : ping uses UDP and ICMP, traceroute uses TCP and ICMP, ping uses ICMP, only ping ses TTL, to check source IP reachability use traceroute and so on
    – server learns routes via ospf and 2 eigrp, what’s the best way to see the path to the destination
    (choicess were show ip ospf database, show eigrp topology, traceroute to the destination, show ip route)
    – management plane security (choices were DNS, ARP, TFP, HTTPS…)

  13. X
    June 6th, 2018

    Thank you for the feedback anonymous.
    I am wondering if in ticket 6 you found VLAN ACL/ Port ACL in question 2 (Did you choose DSW1 in question? ). No t sure if you saw the option ‘no vlan access-map test1 10’

  14. $foo
    July 6th, 2018

    I took the TSHOOT Exam yesterday – Port Security-Ticket still exists …

  15. lanman
    July 7th, 2018

    If there was no vlan acl commands , Then you could of used just a regular acl
    ip access-list standard ACL_NAME

  16. Some Dude
    July 30th, 2018

    In the network tut lab, when you do ‘show ip int brief’ on ASW1 for this ticket, it shows the interfaces as down/down. However, in the actual exam, they are up/up. You won’t know it is a port security issue unless you do ‘show port-security’

  17. josh
    August 29th, 2018

    @ Some dude, did you passed the exam?

  18. Someone in London
    September 9th, 2018

    @SomeDude Thank you so much for your tip!

  19. bono
    September 24th, 2018

    Hi all,

    I had two questions last week which look new or same issue on different device.

    1- passive interface configured under eigrp router on DSW1 instead of R4
    2- there was no OSPF neighbor relationship between R1 and R2 but the issue was not auth under sub-int on R1

    Could you please kindly assist if anyone has any idea what these issues are regarding to as I booked another exam in two days? This is the last chance I have as my CCNA will be expired by 1st of October.

    I am also wondering if anyone knows how many score each TT and MCQ has?

    Your guidance is much appreciated.

    Cheers

  20. Anonymous
    September 24th, 2018

    Hi bono,

    Same here , I failed by 13 points.

    all my certifications will be expired by 1st of October as well. I have exam tomorrow, I shall update you.

  21. Anonymous
    October 4th, 2018

    Packet tracer labs. Both interfaces are shut down to act like err-disabled ports. Less than one min. Client does not have an IP address. Checked connected switch ASW1 issue found via show interfaces status. Removed port-security but client cannot ping the server. Had to wait a lot time for DHCP. Then it worked.

Comment pages
1 5 6 7 22