A network administrator configures the port security feature on a switch. The security policy specifies that each access port should allow up to two MAC addresses. When the maximum number of MAC addresses is reached, a frame with the unknown source MAC address is dropped and a notification is sent to the syslog server. Which security violation mode should be configured for each access port?
- warning
- restrict
- shutdown
- protect
Answers Explanation & Hints: When the “restrict” security violation mode is configured on a port with port security enabled, the port does not shut down when the maximum number of MAC addresses is reached. Instead, the switch forwards frames from known MAC addresses and discards frames with unknown source MAC addresses. Additionally, a notification is sent to the syslog server to alert the network administrator of the violation.
This mode is useful when the network administrator wants to be notified of unauthorized devices being connected to the network, but does not want to completely shut down the port and disrupt network connectivity. The administrator can then investigate the issue and take appropriate actions, such as disabling the port or configuring the MAC address of the authorized device on the port.
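The following is an added example, not part of the original question: a simplified Python model that runs the same frames through a port in restrict mode and, going beyond the explanation above, in protect and shutdown mode for comparison. The `AccessPort` class, its field names and the sample MAC addresses are assumptions made for illustration; on a Cisco switch the mode itself is selected with `switchport port-security violation restrict`.

```python
from dataclasses import dataclass, field

MODES = ("protect", "restrict", "shutdown")

@dataclass
class AccessPort:
    mode: str
    maximum: int = 2                      # policy from the question: two MACs per port
    secure_macs: set = field(default_factory=set)
    violations: int = 0                   # security violation counter
    syslog: list = field(default_factory=list)
    err_disabled: bool = False

    def receive(self, src_mac: str) -> str:
        """Return what happens to one frame: 'forward' or 'drop'."""
        if self.mode not in MODES:
            raise ValueError(f"unknown violation mode: {self.mode}")
        if self.err_disabled:
            return "drop"                 # port stays down until an admin recovers it
        if src_mac in self.secure_macs:
            return "forward"
        if len(self.secure_macs) < self.maximum:
            self.secure_macs.add(src_mac) # learn addresses until the maximum is reached
            return "forward"
        # Violation: unknown source MAC while the secure table is already full.
        if self.mode == "protect":
            return "drop"                 # silent: no counter, no notification
        self.violations += 1
        self.syslog.append(f"violation by {src_mac} (mode={self.mode})")
        if self.mode == "shutdown":
            self.err_disabled = True      # the whole port goes down
        return "drop"

# Constructed sample traffic: two authorized hosts, one unknown device, then host 1 again.
FRAMES = ["aa:aa:aa:00:00:01", "aa:aa:aa:00:00:02",
          "de:ad:be:ef:00:03", "aa:aa:aa:00:00:01"]

def run(mode: str):
    """Replay FRAMES on a fresh port; return (per-frame result, syslog count, err-disabled)."""
    port = AccessPort(mode)
    results = [port.receive(mac) for mac in FRAMES]
    return results, len(port.syslog), port.err_disabled

if __name__ == "__main__":
    for m in MODES:
        print(m, run(m))
```

Only restrict both drops the unknown frame and produces a notification while the known host keeps forwarding, which is the combination the policy in the question asks for.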