Home > Ticket 7 – Port Security (removed)

Ticket 7 – Port Security (removed)

April 30th, 2018 in TSHOOT v2 Go to comments

Client 1 is unable to ping Client 2 as well as DSW1. The command ‘sh interfaces fa1/0/1′ will show following message in the first line
‘FastEthernet1/0/1 is down, line protocol is down (err-disabled)’

On ASW1 port-security mac 0000.0000.0001, interface in err-disable state

Configuration of ASW1
interface fa1/0/1
 switchport access vlan 10
 switchport mode access
 switchport port-security
 switchport port-security mac-address 0000.0000.0001

 

Answer: on ASW1 delele port-security & do on interfaces shutdown, no shutdown

Ans1) ASW1
Ans2) Port security
Ans3) In Configuration mode, using the interface range Fa1/0/1 – 2, then no switchport port-security, followed by shutdown, no shutdown interface configuration commands.

Comments (13) Comments
Comment pages
1 5 6 7 22
  1. Adventure life
    January 17th, 2018

    I passed exam yesterday with the score 958/1000.
    9tut cleared lots of doubt.

  2. Abc
    January 19th, 2018

    Congratulations @Adventure life

  3. Please don’t use real name.
    January 30th, 2018

    got this question in 30th january exam.

  4. chuposeupau
    February 1st, 2018

    Este ticket voltou

  5. chuposeupau
    February 1st, 2018

    fiz a prova hoje e este ticket de port-security estava lá

  6. p9p9
    February 16th, 2018

    Can anyone clarify the correct answer for this Q? Should I simply disable port-security (plus shut/no shut) or should I enter the correct port-security config using the right MAC addresses of Client 1 and 2?

  7. colonel.exe
    February 17th, 2018

    Default setting means 1 MAC address is allowed to connect. If you remove the configured address ending .0001, you free up that space. By shutting & unshutting the interface it will then dynamically learn the MAC address of the connected client.
    You can configure the MAC address like you mention, but it’s not necessary.

  8. The_Boss
    February 19th, 2018

    Which commands will work here?

    From DSW1 can ypu do a sh run.

  9. p9p9
    February 19th, 2018

    @colonel.exe — yah, i agree. But the suggested answer is “no switchport security” which will disable port security altogether on Fa1/0/1.

    Your answer makes way more sense.

    could you confirm whether port security has to be disabled or just to delete the mac address configured in this ticket?

  10. NickMenza
    April 10th, 2018

    Does the command “show port-security interface fa1/0/1” works in exam sim?

  11. 46598dasd
    May 14th, 2018

    2018 Latest Update CCNP Dumps 300-135 100% Valid
    stumbleupon.com/su/1xowyV

  12. anonymous
    May 25th, 2018

    1. sim 2 : I had both bgp and hsrp, no issues
    2. 11 tickets
    * all good except 2
    * Ticket 6 : no vlan filter option was not available on dsw1, it was on ASW1, strange. I think I got it wrong
    * Ticket 4 : ip nat outside or inside all looked good. client was not able to ping the server but R1,2,3,4 all were able to ping to the server.
    3. MCQ all new
    – IPv6 ACLs (pick 2): standard, extended, name, tag..
    – TIme based ALCs (requirement pick 2) : standard, extended, time source from router, NTP sync and so on
    – GRE tunnel IPv6 over IPv4 (pick 2) : SRC must be IPv4, IPv6 over IPv4 .. I do not remember much
    – uRPF (it was not the same as the ones I’ve seen here)
    – to avoid fragmentation via gre tunnel, 3 command lines in order (choices were like ip mtu 1400, gre mtu discovery, mss..).
    – GRE tunnel is up but the server or host cannot pass through traffic what are the 2 things need to be fixed (move R1 to global routing, put R3 on vrf, run hearbeat on gre tunnel, and so on)
    – ping and traceroute : ping uses UDP and ICMP, traceroute uses TCP and ICMP, ping uses ICMP, only ping ses TTL, to check source IP reachability use traceroute and so on
    – server learns routes via ospf and 2 eigrp, what’s the best way to see the path to the destination
    (choicess were show ip ospf database, show eigrp topology, traceroute to the destination, show ip route)
    – management plane security (choices were DNS, ARP, TFP, HTTPS…)

  13. X
    June 6th, 2018

    Thank you for the feedback anonymous.
    I am wondering if in ticket 6 you found VLAN ACL/ Port ACL in question 2 (Did you choose DSW1 in question? ). No t sure if you saw the option ‘no vlan access-map test1 10’

Comment pages
1 5 6 7 22