What command produces the output in the exhibit?

Last Updated on August 1, 2021 by Admin 2

300-420 : All Parts

300-420 : Designing Cisco Enterprise Networks (ENSLD) : All Parts
300-420 Part 01	300-420 Part 05
300-420 Part 02	300-420 Part 06
300-420 Part 03	300-420 Part 07
300-420 Part 04

What command produces the output in the exhibit?

show port-security interface
show vlan private-vlan type
show port-security
show ip dhcp snooping

Explanation:

The exhibit displays the output of the show port-security command. This command is useful in verifying the reaction set for packets in violation. In the exhibit, Fa5/1 is configured to shut down if a violating packet is received. Port Fa5/5 is configured to drop violating packets and port Fa5/11 is configured to drop packets and generate a log message.

The output also indicates the number of secure MAC addresses permitted on each interface, the number of secure MAC addresses currently in use on the port, and how many security violations there have been.

The show port-security interface command shows the port security configuration on the specified interface. Below is an example of the command and its output:

In the example, seven MAC addresses are allowed on this interface. It can be seen that seven are now connected. Therefore, if one more user connects to the hub or switch connected to this port, the port will be placed into the err-disabled state and an SMTP trap message will be sent.

The show vlan private-vlan type command displays the private VLANs on the switch and indicates whether they are primary, isolated, or community VLANs. An example of the output is below:

In the output, VLAN 202 carries traffic from promiscuous ports to isolated, community, and other promiscuous ports in the same VLAN. VLAN 303 carries traffic from isolated ports to a promiscuous port.

The show ip dhcp snooping command displays whether DHCP snooping is enabled, what VLANs it is configured for, and what ports are trusted DHCP ports. An example of the output is below:

The output indicates that:
The switch is defending against a DHCP spoofing attack (indicated by lines 2 and 3)
Two ports are trusted and one is not (shown in bottom table)
Option 82 (relay agent information) is only allowed on trusted ports (indicated by lines 4 and 5)
ARP spoofing is being monitored (indicated by line 6)

Objective:
Infrastructure Security
Sub-Objective:
Configure and verify switch security features

300-420 : All Parts

300-420 : Designing Cisco Enterprise Networks (ENSLD) : All Parts
300-420 Part 01	300-420 Part 05
300-420 Part 02	300-420 Part 06
300-420 Part 03	300-420 Part 07
300-420 Part 04

0 0 votes

Article Rating

0 Comments

Inline Feedbacks

View all comments

What command produces the output in the exhibit?

You Might Also Like

Knowing which of the following is MOST important when the information security manager is seeking senior management commitment?

You need to perform the GitHub code migration. The solution must support the planned changes for the DevOps environment. What should you use?

Which of the following commands changes all CR-LF line breaks in the text file userlist.txt to Linux standard LF line breaks and stores the result in newlist.txt?