Exam 200-301 topic 1 question 691 discussion

When you enable port security on a switch, by default only one MAC address can be learned. To allow more than one MAC address on a switch port simultaneously, use the command:port-security maximum <max-number>.

A is correct

From Official Cert Guide Step 1. Use the switchport mode access or the switchport mode trunk interface subcommands, respectively, to make the switch interface either a static access or trunk interface. Step 2. Use the switchport port-security interface subcommand to enable port security on the interface. Step 3. (Optional) Use the switchport port-security maximum number interface subcommand to override the default maximum number of allowed MAC addresses associated with the interface (1). Step 4. (Optional) Use the switchport port-security violation {protect | restrict | shutdown} interface subcommand to override the default action to take upon a security violation (shutdown). Step 5. (Optional) Use the switchport port-security mac-address mac-address interface subcommand to predefine any allowed source MAC addresses for this interface. Use the command multiple times to define more than one MAC address. Step 6. (Optional) Use the switchport port-security mac-address sticky interface subcommand to tell the switch to “sticky learn” dynamically learned MAC addresses.

Because the default number of secure addresses is one and the default violation action is to shut down the port, configure the maximum number of secure MAC addresses on the port before you enable port security on a trunk. LINK: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/port_sec.html

A. https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/port_sec.html

A. It places the port in the err-disabled state if it learns more than one MAC address.

It's a vague question. None of the options present a correct answer, but A looks somewhat closer. Here's why: A trunk port does not place the port in the err-disabled state if it learns more than one MAC address, as port security is not supported on trunk ports. Therefore, it is not possible for a trunk port to trigger the err-disabled state due to port security violations. However, it is possible to configure port security on a trunk port to restrict the number of MAC addresses allowed on a specific VLAN.

I think, portsecurity is NOT enabled on trunk intf, you have to change it to access mode first. To me it is another stupid question.

Labbed it (quickly) in packet tracer, answer is A

A, dont have sense, the objetive of trunk is learns more than one MAC address. Should be C