What command produced the output in the exhibit?

Last Updated on August 1, 2021 by Admin 2

300-420 : All Parts

300-420 : Designing Cisco Enterprise Networks (ENSLD) : All Parts
300-420 Part 01	300-420 Part 05
300-420 Part 02	300-420 Part 06
300-420 Part 03	300-420 Part 07
300-420 Part 04

What command produced the output in the exhibit?

show port-security interface
show vlan private-vlan type
show port-security
show ip dhcp snooping

Explanation:

The exhibit displays the output of the show port-security command. This command is useful in verifying the reaction set for packets in violation. In the exhibit, Fa5/1 is configured to shut down if a violating packet is received. Port Fa5/5 is configured to drop violating packets, and port Fa5/11 is configured to drop packets and generate a log message.

The output also indicates the number of secure MAC addresses permitted on each interface, the number of secure MAC addresses currently in use on the port, and how many security violations have already occurred.

The show port-security interface command shows the port security configuration on the specified interface. Below is an example of that command output:

In the above example, seven MAC addresses are allowed on this interface. It can be seen that seven are now connected. Therefore, if one more user connects to the hub or switch that is connected to this port, the port will be placed into the err-disabled state and an SMTP trap message will be sent.

The show vlan private-vlan type command displays the private VLANs on the switch and whether they are primary, isolated, or community VLANs. An example of the command output is below:

In the output, VLAN 202 carries traffic from promiscuous ports to isolated, community, and other promiscuous ports in the same VLAN. VLAN 303 carries traffic from isolated ports to a promiscuous port.

The show ip dhcp snooping command displays whether DHCP snooping is enabled, what VLANs it is configured for, and what ports are trusted DHCP ports. An example output is below.

The show ip dhcp snoopingcommand output indicates that:
The switch is defending against a DHCP spoofing attack (indicated by lines 2 and 3)
Two ports are trusted and one is not (shown in bottom table)
Option 82 (relay agent information) is only allowed on trusted ports (indicated by lines 4 and 5)
ARP spoofing is being monitored (indicated by line 6)

Objective:
Infrastructure Security
Sub-Objective:
Configure and verify switch security features

300-420 : All Parts

300-420 : Designing Cisco Enterprise Networks (ENSLD) : All Parts
300-420 Part 01	300-420 Part 05
300-420 Part 02	300-420 Part 06
300-420 Part 03	300-420 Part 07
300-420 Part 04

0 0 votes

Article Rating

0 Comments

Inline Feedbacks

View all comments

What command produced the output in the exhibit?

You Might Also Like

Network mapping provides a security testing team with a blueprint of the organization. Which of the following steps is NOT a part of manual network mapping?

Which of the following cryptographic algorithm uses public key and private key to encrypt or decrypt data?

An organization performs nightly backups but does not have a formal policy. An IS auditor should FIRST: