Home > Ticket 7 – Port Security

Ticket 7 – Port Security

April 30th, 2018 Go to comments

Client 1 is unable to ping Client 2 as well as DSW1. The command ‘sh interfaces fa1/0/1′ will show following message in the first line
‘FastEthernet1/0/1 is down, line protocol is down (err-disabled)’

On ASW1 port-security mac 0000.0000.0001, interface in err-disable state

Configuration of ASW1
interface fa1/0/1
 switchport access vlan 10
 switchport mode access
 switchport port-security
 switchport port-security mac-address 0000.0000.0001

 

Answer: on ASW1 delele port-security & do on interfaces shutdown, no shutdown

Ans1) ASW1
Ans2) Port security
Ans3) In Configuration mode, using the interface range Fa1/0/1 – 2, then no switchport port-security, followed by shutdown, no shutdown interface configuration commands.

Note: There is another ticket (ticket 13) in which port security is also configured but it is not the fault. In that ticket when we “show interfaces fa1/0/1” we see the interface is in ‘up/up’ state so be careful to identify the two tickets.

Comments (10) Comments
  1. Anonymous
    January 12th, 2020

    If you see the ports fa1/0/1 and fa1/0/2 are down remove the port security and bounce the ports.

  2. maria
    January 23rd, 2020

    Hi Guys,

    I have a question regarding the SAM’s strategy.

    Client 1 (ping 10.1.1.1) > R1 (show run and check), there are 4 possibilities of tickets:

    hey all dont worry about all bullshit stigmata u will spend more time trying to memorize them and forget them in the sweaty moment

    just ping form C1 and move upstream or downstream with your pings to determine the faulty device

  3. maria
    January 23rd, 2020

    1- passive interface configured under eigrp router on DSW1 instead of R4–not true
    2- there was no OSPF neighbor relationship between R1 and R2 but the issue was not auth under sub-int on R1- no its not written on the ospf 1 process

  4. Desam
    February 6th, 2020

    Guys Passed Today with 980/1000, I missed one MCQ but it was listed here in the MCQ section, so you should be ok,
    IMPORTANT please note that port security issue in ASW1 DOES not appear as intended here, ( just as CR mentioned)
    Port Security issue ( ticket #7) So you will follow SAM until you see that the issue is not R1. the you move to ASW1, do a show run, and you will see Port security on both Client’s insterfaces, and you would think thats the problem, since thats how it shows up here, BUT it is not!!!! if you do “Ip interface brief” you WILL SEE both interfaces UP/UP so thats NOT a Port security issue!!!
    The problem will be “IP helper in DSW1”!!! do a show run in DSW1 and you will see it!! also do “ipconfig” in client 1! you will see it does not have a gateway configured! you also should see IP helper for Vlan 10 with a wrong IP address.

  5. ESKAE
    February 12th, 2020

    Just took the exam and passed with a 1000. Everything here is valid.

    This one was a lil tricky. You will see port-security configured on the fa1/0/1 and 1/0/2 interfaces
    type show interface fa1/0/1 this is the only way to ensure the port is UP/UP like @DESAM explained

    you can type show port-security interface fa1/0/1 and 1/0/2 which will confirm if the port is shutdown due to a security violation.

  6. nhema
    February 16th, 2020

    you can use sh int status command to check the status of ports in ASW1 & its shows status err-disabled Fa1/0/1 & Fa1/0/2. Not sure command will work in exam

  7. Sepideh
    February 16th, 2020

    @nhema
    sho err-disabled does not work in Exam sim

  8. Anonymous
    February 16th, 2020

    Thank you for Networktut for all hard works, this website truly help me to achieve full score (1000)
    I like to share my experience, which may be helpful for you to pass the exam
    MCQs seen from Nov, but make sure read questions carefully as they are coming with detailed scenarios
    To disable passive interface only option appears in the exam as no ip passive-interface eigrp 10 under interface configuration mode. So we have to choose it.
    As per my experience this command is not working on all Cisco versions. Cisco 7200 series doesn’t support for this command, which I used in GNS3
    No 13 appears with incorrect DHCP helper address
    It was quite tricky
    Client1-> ipconfig shows with 169.— so decided to go through bottom-up approach
    ASW1->show ip interface brief f1/0/0 and f1/0/2 connected to Clients show up with up/up status.
    However when I applied show port-security given the out put with violation count 1 and status shutdown per each interface. quite confused..I didn’t choose remove port-security option.so rather choosing port security issue I decided to investigate further.
    So found incorrect IP helper-address 10.2.21.129(which doesn’t exist in routing table and no such IP available in DHCP router)
    So therefore I decided to choose correct IP helper address 10.1.21.129
    So please don’t blindly choose answers

    Pls. pls. carefully check configuration,

    Wishing everyone Good-Luck

  9. Karissa Thiessen
    June 15th, 2022

    I have a small question

  10. Russel Foveaux
    October 19th, 2022

    to design quality content spinning you need efficient and fast software, you will find it on content-spinning.fr so don't wait any longer.