A malicious user gained network access by spoofing printer connections that were authorized using MAB on four different switch ports at the same time.
Which two Catalyst switch security features will prevent further violations? (Choose two)
A. DHCP Snooping
B. 802.1AE MACsec
C. Port security
D. IP Device tracking
E. Dynamic ARP inspection
F. Private VLANs
Answer: A, E
Explanation:
https://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/identity-based-networking-services/config_guide_c17-663759.html
DHCP snooping is fully compatible with MAB and should be enabled as a best practice.
Dynamic Address Resolution Protocol (ARP) Inspection (DAI) is fully compatible with MAB and should be enabled as a best practice.
In general, Cisco does not recommend enabling port security when MAB is also enabled.
Since MAB enforces a single MAC address per port (or per VLAN when multidomain authentication is configured for IP telephony), port security is largely redundant and may in some cases interfere with the expected operation of MAB.