Port Security Questions 2
Question 1
Question 2
Explanation
In fact both “protect” and “restrict” mode allows traffic from passing with a valid MAC address so this question is not good. This is a quote from Cisco for these two modes:
protect: drops packets with unknown source addresses until you remove a sufficient number of secure MAC addresses to drop below the maximum value.
restrict: drops packets with unknown source addresses until you remove a sufficient number of secure MAC addresses to drop below the maximum value and causes the SecurityViolation counter to increment.
Therefore the only difference between these two modes is “restrict” mode causes the SecurityViolation counter to increment (only useful for statistics).
Question 3
Question 4
Explanation
The full command should be “switchport port-security mac-address sticky” but we can abbreviate in Cisco command.