Hello, yes, take VLAN 1 out and do a shutdown on that VLAN so it cannot be used.
For the question about port security, it is due to a MAC address already learned on that port. Don't let all the other items **** you into thinking something else. If it is shut down then it was in violation of the security setup on that port. That MAC can be assigned to many different ports, but when a new MAC address is put on it, the port will shut down if that is how it is set up.
Also, for the unused ports, do a shutdown on them. I have been pulling out unused switches and shutting down the ports that are not used, but the best thing I did was change the password so only myself and the IT manager know it. This makes me feel a lot safer about the network now.
As for adding the MAC address into the port security, I usually won't do that, too much work. Just plug the machine into the switch and let the switch learn the MAC address to set itself up to shut down if it goes into a violation.
I don't like to park them, then someone might be able to do something to the switch. Just do a shutdown to prevent anyone from plugging anything into the switch and getting a good port.
Why make it any easier on them at all?
I have been googling for an answer to the 1st question and I found this on the Todd Lammle site forum:
The answer is "A"
When you are using port security, this is local to the switch.
If that MAC address is learned on another port "on the same switch", it will not be allowed in another port on that same switch.
I'm confused ...
For the first question,
f0/2-- host A 0001.96E0.BABA
f0/3-- host B 0003.E472.A209
I enabled port-security on f0/2 and f0/3, violation shutdown
Set "switchport port-security mac-address 0001.96E0.BABA" on f0/3... nothing happened even though host A is connected to f0/2 and the link is up.
Then I tried "switchport port-security mac-address 0001.96E0.BABA" on f0/3 and got an error:
"Found duplicate mac-address 0001.96e0.baba."
So the same mac address cannot be assigned to different ports for port-security.
And plugging in a device with mac address set on a different port doesn't hurt anything?
Let's rule out the incorrect answers:
3. The minimum MAC threshold has been reached.
There is no minimum threshold BUT a maximum number of secured addresses.
4. The absolute aging time for denied MAC address have expired.
By default the aging time is 0, which means never age out, but let's suppose we have modified this: then when the secured address is aged out and a frame with this source address comes in on the port, it will be inserted in the TCAM as secured again.
2. The denied MAC address are statically configured on the port.
If an address is statically configured as secure then it won't be denied but accepted.
So that leaves us answer 1 as correct, because if you have a host with MAC A on port f0/1 marked as secured, then when moving this host to another port you'll have a MAC move violation.
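
The behaviour reported in the posts above (the duplicate-address error on static configuration, and the MAC move violation), as an added example that is not part of the thread: a simplified Python model of port security with violation mode shutdown. The `Switch` class, its method names and its return strings are constructed for illustration and are not Cisco IOS code; the port names and MAC addresses are the ones from the thread.

```python
"""Simplified, constructed model of per-switch port security (violation shutdown)."""

def norm(mac):
    # Accept 0001.96E0.BABA or 00:01:96:e0:ba:ba and compare case-insensitively.
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"bad MAC: {mac!r}")
    return digits

class Switch:
    def __init__(self, ports, maximum=1):
        self.maximum = maximum                    # max secure MACs per port
        self.secure = {p: set() for p in ports}   # port -> secure MACs
        self.err_disabled = set()                 # ports shut down by a violation

    def owner(self, mac):
        return next((p for p, macs in self.secure.items() if mac in macs), None)

    def add_static(self, port, mac):
        mac = norm(mac)
        other = self.owner(mac)
        if other is not None and other != port:
            return "duplicate"     # thread: "Found duplicate mac-address"
        if mac not in self.secure[port] and len(self.secure[port]) >= self.maximum:
            return "max-reached"
        self.secure[port].add(mac)
        return "ok"

    def frame(self, port, src_mac):
        mac = norm(src_mac)
        if port in self.err_disabled:
            return "dropped"
        if mac in self.secure[port]:
            return "forwarded"
        if self.owner(mac) is None and len(self.secure[port]) < self.maximum:
            self.secure[port].add(mac)            # dynamic learning
            return "learned"
        # MAC is secured on another port (MAC move) or the maximum is exceeded.
        self.err_disabled.add(port)
        return "violation-shutdown"

def demo():
    sw = Switch(["f0/2", "f0/3"])
    host_a, host_b = "0001.96E0.BABA", "0003.E472.A209"
    return [sw.frame("f0/2", host_a),             # host A learned on f0/2
            sw.frame("f0/3", host_b),             # host B learned on f0/3
            sw.add_static("f0/3", host_a.lower()),  # rejected as duplicate
            sw.frame("f0/3", host_a),             # host A moved: f0/3 shuts down
            sw.frame("f0/3", host_b),             # f0/3 stays down for host B too
            sw.frame("f0/2", host_a)]             # original port is unaffected

if __name__ == "__main__":
    print(demo())
```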