Port Security Violation: Incrementing Security-Violation Count and SNMP Trap Configuration | CCNA Exam Answer

Port Security Violation Configuration

Question

A port security violation has occurred on a switch port due to the maximum MAC address count being exceeded.

Which command must be configured to increment the security-violation count and forward an SNMP trap?

Answers

Explanations


A. B. C. D.

C.

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/25ew/configuration/guide/conf/port_sec.html

Port security is a feature in Cisco switches that allows an administrator to restrict the number of devices that can connect to a switch port. The feature helps to prevent unauthorized access to a network by limiting the number of MAC addresses that can be learned on a port.

When the maximum number of MAC addresses is exceeded, the port security feature triggers a security violation. By default, the switchport port-security violation command is set to shutdown, which disables the port and sends an SNMP trap to the network administrator.

In this scenario, the question asks which command must be configured to increment the security-violation count and forward an SNMP trap.

Option A - switchport port-security violation access: This command is used to set the violation mode to restrict, which allows traffic from a limited number of MAC addresses. It does not increment the security-violation count or forward an SNMP trap.

Option B - switchport port-security violation protect: This command is used to set the violation mode to protect, which drops traffic from a limited number of MAC addresses. It does not increment the security-violation count or forward an SNMP trap.

Option C - switchport port-security violation restrict: This command is used to set the violation mode to restrict, which allows traffic from a limited number of MAC addresses. It does not increment the security-violation count but can be configured to forward an SNMP trap using the snmp-server enable traps command.

Option D - switchport port-security violation shutdown: This command is the default violation mode and is used to disable the port and send an SNMP trap when the maximum number of MAC addresses is exceeded.

Therefore, the correct answer is D - switchport port-security violation shutdown. This command is used to increment the security-violation count and forward an SNMP trap when the maximum number of MAC addresses is exceeded.
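
To check which violation mode each port actually runs, the sketch below audits a saved running-config. It is an added example, not code from this page or from Cisco. It flags ports in protect mode (no count, no trap), ports where a violation mode is set but port security was never enabled, and a missing global trap command. The sample config, the interface names and the function name audit_port_security are constructed for illustration, and the global command is assumed to be snmp-server enable traps port-security.

```python
import re

# Constructed sample running-config (not taken from the page or a real device).
SAMPLE_CONFIG = """\
snmp-server enable traps port-security
!
interface GigabitEthernet1/0/1
 switchport port-security
 switchport port-security maximum 2
 switchport port-security violation restrict
!
interface GigabitEthernet1/0/2
 switchport port-security
 switchport port-security violation protect
!
interface GigabitEthernet1/0/3
 switchport port-security
!
interface GigabitEthernet1/0/4
 switchport port-security violation restrict
"""

VIOLATION = re.compile(r"switchport port-security violation (\S+)")

def audit_port_security(config):
    """Return (modes, findings) for a running-config given as text."""
    modes, findings = {}, []
    if not re.search(r"^snmp-server enable traps port-security\b", config, re.M):
        findings.append(("global", "port-security SNMP traps not enabled"))
    # Everything before the first "interface" line is global config: skip it.
    for stanza in re.split(r"^(?=interface )", config, flags=re.M)[1:]:
        name = stanza.split()[1]
        lines = [line.strip() for line in stanza.splitlines()[1:]]
        matches = [m for m in map(VIOLATION.fullmatch, lines) if m]
        mode = matches[-1].group(1) if matches else None
        if "switchport port-security" not in lines:
            # Sub-commands alone do not turn the feature on.
            if mode:
                findings.append((name, "violation mode set but port security not enabled"))
            continue
        modes[name] = mode or "shutdown"  # shutdown is the default mode
        if mode == "protect":
            findings.append((name, "protect mode: no violation count, no SNMP trap"))
    return modes, findings

if __name__ == "__main__":
    modes, findings = audit_port_security(SAMPLE_CONFIG)
    for name, mode in modes.items():
        print(f"{name}: {mode}")
    for where, issue in findings:
        print(f"[!] {where}: {issue}")
```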