题库里的Q136题到底应该选啥，马上就考试了，急！！

lzd13909

Question 136

What is valid reasonfor a switch to deny port access to new devices when port security is enabled?

A. The denied MACaddresses have already been learned or configured on another secure interfacein the same VLAN.
B. The denied MAC address are statically configured on the port.
C. The minimum MAC threshold has been reached.
D. The absolute aging times for the denied MAC addresses have expired.

题库答案是B，（这个被拒绝的MAC地址是静态配制在端口上的）

别的网站上选A ，我也觉得A 更合适，还特地到CISCO 网站上验证了一下，求高手帮忙解释。

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/port_sec.html#wp1038546

A security violation occurs in either of these situations:

•When the maximum number of secure MAC addresses is reached on a secure port and the source MAC address of the ingress traffic is different from any of the identified secure MAC addresses, port security applies the configured violation mode.

•If traffic with a secure MAC address that is configured or learned on one secure port attempts to access another secure port in the same VLAN, applies the configured violation mode