Configuring Intrusion Protection - 3Com 4210G Series Configuration Manual

ntk-withmulticasts: Forwards only frames destined for authenticated MAC addresses, multicast
addresses, or the broadcast address.
By default, NTK is disabled on a port and the port forwards all frames. With NTK configured, a port will
discard any unicast packet with an unknown MAC address no matter in which mode it operates.
Follow these steps to configure the NTK feature:
To do...
Enter system view
Enter interface view
Configure the NTK feature
Support for the NTK feature depends on the port security mode.

Configuring Intrusion Protection

The intrusion protection enables a device to perform either of the following security policies when it
detects illegal frames:
blockmac: Adds the source MAC addresses of illegal frames to the blocked MAC addresses list
and discards frames with blocked source MAC addresses. A blocked MAC address is restored to
normal after being blocked for three minutes, which is fixed and cannot be changed.
disableport: Disables the port permanently.
disableport-temporarily: Disables the port for a specified period of time. Use the port-security
timer disableport command to set the period.
Follow these steps to configure the intrusion protection feature:
To do...
Enter system view
Enter interface view
Configure the intrusion
protection feature
Return to system view
Set the silence timeout during
which a port remains disabled
Use the command...
system-view
interface interface-type
interface-number
port-security ntk-mode
{ ntk-withbroadcasts |
ntk-withmulticasts | ntkonly }
Use the command...
system-view
interface interface-type
interface-number
port-security intrusion-mode
{ blockmac | disableport |
disableport-temporarily }
quit
port-security timer
disableport time-value
6-8
Remarks
—
—
Required
By default, NTK is disabled on
a port and all frames are
allowed to be sent.
Remarks
—
—
Required
By default, intrusion protection
is disabled.
—
Optional
20 seconds by default