What command produced the output in the exhibit?

Last Updated on August 1, 2021 by Admin 2

What command produced the output in the exhibit?

300-420 Part 07 Q15 057
300-420 Part 07 Q15 057
  • show port-security interface
  • show vlan private-vlan type
  • show port-security
  • show ip dhcp snooping

The exhibit displays the output of the show port-security command. This command is useful in verifying the reaction set for packets in violation. In the exhibit, Fa5/1 is configured to shut down if a violating packet is received. Port Fa5/5 is configured to drop violating packets, and port Fa5/11 is configured to drop packets and generate a log message.

The output also indicates the number of secure MAC addresses permitted on each interface, the number of secure MAC addresses currently in use on the port, and how many security violations have already occurred.

The show port-security interface command shows the port security configuration on the specified interface. Below is an example of that command output:

300-420 Part 07 Q15 058
300-420 Part 07 Q15 058

In the above example, seven MAC addresses are allowed on this interface. It can be seen that seven are now connected. Therefore, if one more user connects to the hub or switch that is connected to this port, the port will be placed into the err-disabled state and an SMTP trap message will be sent.

The show vlan private-vlan type command displays the private VLANs on the switch and whether they are primary, isolated, or community VLANs. An example of the command output is below:

300-420 Part 07 Q15 059
300-420 Part 07 Q15 059

In the output, VLAN 202 carries traffic from promiscuous ports to isolated, community, and other promiscuous ports in the same VLAN. VLAN 303 carries traffic from isolated ports to a promiscuous port.

The show ip dhcp snooping command displays whether DHCP snooping is enabled, what VLANs it is configured for, and what ports are trusted DHCP ports. An example output is below.

300-420 Part 07 Q15 060
300-420 Part 07 Q15 060

The show ip dhcp snoopingcommand output indicates that:
The switch is defending against a DHCP spoofing attack (indicated by lines 2 and 3)
Two ports are trusted and one is not (shown in bottom table)
Option 82 (relay agent information) is only allowed on trusted ports (indicated by lines 4 and 5)
ARP spoofing is being monitored (indicated by line 6)

Infrastructure Security
Configure and verify switch security features

0 0 votes
Article Rating
Notify of
Inline Feedbacks
View all comments