Everyday Ten Ask ccie routing and switching lab

1. Question: What will the port security interface do if it is configured with the switchport port-security shutdown command?

Answer: The interface is automatically closed and the interface state is disable.

2. Question: What forms of port security support?

Answer: Port security support:

(1) ip-mac

(2) Ip

(3) Mac

3. Question: Can port security limit the number of mac addresses?

Answer: Yes, the number of port security default secure mac addresses is 128 and limitther on the number of mac addresses configured by the command is: Switch (config-if) s switchport port-security maximum 10

This port limit contains up to 10 secure mac addresses

4. Issue: Priority of port security violations

Answer: When port protection is turned on, the default violation rule for ports is protect. Which violation is used, depending on the specific needs and on the level of punishment. Also, depending on the protect.

5. Question: What is the difference between a tier two-tier secure address and a third-tier secure address?

Answer: A second-tier secure address is to bind the mac address to the port and the third-tier secure address can bind the ip to the port or the ip and mac and port.

6. Question: Can the switch allow some segments to log on only to ssh and some to sprnet?

Answer: Yes, then line vty under the acl call, match the port number can be.

7. Question: Is MAC ACL call unsuccessful?

Answer: When calling a MAC ACL, you cannot use ip access-group and use mac access-group.

8. Question: How do I do when ACL counting in the QINQ environment?

Answer: QINQ ACL Count: expert acc exten 2700

      Permit ip vid 2402 invid 106

      Permit ip vid 2402 source mac

      Permit etye-any

      Expert access-list counter 2700

9. Question: Priority of ACL calls

Answer: the priority of the acl global call is greater than the priority of the interface call.

10. Question: Does the call OF THE ACL under the gateway SVI interface cause DHCP to fail to get the address?

Answer: If the ACL ends up being deny ip any, the DHCP message is filtered. Using the “permit udp any any”or “permit ip any any” adjusting the ACL matching rules to resolve the problem.

PASSHOT will often update some network engineers in the work of the difficult problems. If you feel good, please collect our website! Here can help you CCIE Written exam and CCIE Lab exam.