• blockmac—Adds the source MAC addresses of illegal frames to the blocked MAC addresses list and discards the frames. All subsequent frames sourced from a blocked MAC address will be dropped. A blocked MAC address is restored to normal state after being blocked for three minutes. The interval is fixed and cannot be changed.
• disableport—Disables the port until you bring it up manually.
• disableport-temporarily—Disables the port for a specific period of time. The period can be configured with the port-security timer disableport command.

On a port operating in either the macAddressElseUserLoginSecure mode or the macAddressElseUserLoginSecureExt mode, intrusion protection is triggered only after both MAC authentication and 802.1X authentication for the same frame fail.

Follow these steps to configure the intrusion protection feature:

To do: Enter system view
Use the command: system-view
Remarks: —

To do: Enter Layer 2 Ethernet interface view
Use the command: interface interface-type interface-number
Remarks: —

To do: Configure the intrusion protection feature
Use the command: port-security intrusion-mode { blockmac | disableport | disableport-temporarily }
Remarks: Required. By default, intrusion protection is disabled.

To do: Return to system view
Use the command: quit
Remarks: —

To do: Set the silence timeout period during which a port remains disabled
Use the command: port-security timer disableport time-value
Remarks: Optional. 20 seconds by default.

Enabling port security traps

You can configure the port security module to send traps for the following categories of events:

• addresslearned—Learning of new MAC addresses.
• dot1xlogfailure/dot1xlogon/dot1xlogoff—802.1X authentication failure, success, and 802.1X user logoff.
• ralmlogfailure/ralmlogon/ralmlogoff—MAC authentication failure, MAC authentication user logon, and MAC authentication user logoff.
• intrusion—Detection of illegal frames.

Follow these steps to enable port security traps:

To do: Enter system view
Use the command: system-view
Remarks: —

To do: Enable port security traps
Use the command: port-security trap { addresslearned | dot1xlogfailure | dot1xlogoff | dot1xlogon | intrusion | ralmlogfailure | ralmlogoff | ralmlogon }
Remarks: Required. By default, port security traps are disabled.
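
Because both intrusion protection and port security traps are disabled by default, a saved configuration can be checked for ports that were left unprotected or that will not report illegal frames. The following Python audit is an added example, not part of the original guide or the vendor's tooling. It assumes a configuration text made of "#"-separated stanzas, and the interface names and the max-mac-count line in the sample are constructed for illustration.

```python
import re

# Constructed sample of saved configuration text. The "#"-separated stanza
# layout, the interface names and the max-mac-count line are assumptions;
# the other port-security commands and the 20-second default are from the
# section above.
SAMPLE_CONFIG = """\
#
 port-security timer disableport 60
 port-security trap addresslearned
#
interface GigabitEthernet1/0/1
 port-security intrusion-mode blockmac
#
interface GigabitEthernet1/0/2
 port-security max-mac-count 2
#
interface GigabitEthernet1/0/3
 port-security intrusion-mode disableport-temporarily
#
"""

DEFAULT_DISABLEPORT_TIMER = 20  # seconds, per the Remarks column


def audit(config_text):
    """Return (intrusion mode per interface, disableport timer, findings)."""
    modes, traps, timer, current = {}, set(), DEFAULT_DISABLEPORT_TIMER, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "#":
            current = None  # stanza separator: back to system view
        elif m := re.fullmatch(r"interface (\S+)", line):
            current = m.group(1)
        elif current and line.startswith("port-security "):
            modes.setdefault(current, None)  # port uses port security
            if m := re.fullmatch(r"port-security intrusion-mode (\S+)", line):
                modes[current] = m.group(1)
        elif m := re.fullmatch(r"port-security timer disableport (\d+)", line):
            timer = int(m.group(1))
        elif m := re.fullmatch(r"port-security trap (\S+)", line):
            traps.add(m.group(1))
    findings = [f"{name}: intrusion protection left disabled (default)"
                for name, mode in modes.items() if mode is None]
    if "intrusion" not in traps and any(modes.values()):
        findings.append("intrusion trap not enabled: no trap on illegal frames")
    return modes, timer, findings
```

On the sample, `audit(SAMPLE_CONFIG)` reports GigabitEthernet1/0/2 as unprotected and notes that the intrusion trap is missing even though addresslearned traps are on.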