The Ezonexam network administrator wants to ensure that only a single web server can connect to port Fa0/1 on a Catalyst switch.

admin 2009-05-19

Question: The Ezonexam network administrator wants to ensure that only a single web server can connect to port Fa0/1 on a Catalyst switch. The server is plugged into the switch’s Fast Ethernet 0/1 port and the network administrator is about to bring the server online. What can the administrator do to ensure that only the MAC address of this server is allowed by switch port Fa0/1? (Choose two)

Options: A. Configure port Fa0/1 to accept connections only from the static IP address of the server
B. Configure the MAC address of the server as a static entry associated with port Fa0/1
C. Employ a proprietary connector type on Fa0/1 that is incompatible with other host connectors
D. Configure port security on Fa0/1 to reject traffic with a source MAC address other than that of the server
E. Bind the IP address of the server to its MAC address on the switch to prevent other hosts from spoofing the server IP address

Answer: B, D

Explanation:
You can use port security to block input to an Ethernet, Fast Ethernet, or Gigabit Ethernet port when the MAC address of the station attempting to access the port is different from any of the MAC addresses specified for that port.

When a secure port receives a packet, the source MAC address of the packet is compared to the list of secure source addresses that were manually configured or autoconfigured (learned) on the port. If a MAC address of a device attached to the port differs from the list of secure addresses, the port either shuts down permanently (default mode), shuts down for the time you have specified, or drops incoming packets from the insecure host.

The port’s behavior depends on how you configure it to respond to a security violation. When a security violation occurs, the Link LED for that port turns orange, and a link-down trap is sent to the Simple Network Management Protocol (SNMP) manager. An SNMP trap is not sent if you configure the port for restrictive violation mode. A trap is sent only if you configure the port to shut down during a security violation.