Configuring Port
Security Features
Configuring NTK
Configuring Intrusion
Protection
Configuring Trapping
To do...
Set the port security
mode
n
On a port operating in either macAddressElseUserLoginSecure mode or
macAddressElseUserLoginSecureExt mode, intrusion protection is triggered only
after both MAC authentication and 802.1x authentication for the same frame fail.
Follow these steps to configure the NTK feature:
To do...
Enter system view
Enter Ethernet port view
Configure the NTK feature
Follow these steps to configure the intrusion protection feature:
To do...
Enter system view
Enter Ethernet port view
Configure the intrusion
protection feature
Return to system view
Set the silence timeout during
which a port remains disabled
n
If you configure the port-security intrusion-mode command with the
disableport-temporarily keyword, you can use the port-security timer
disableport command to set the silence timeout during which a port remains
disabled.
Follow these steps to configure port security trapping:
Use the command...
port-security port-mode
{ mac-authentication |
mac-else-userlogin-secure |
mac-else-userlogin-secure-ext | secure |
userlogin | userlogin-secure |
userlogin-secure-ext |
userlogin-secure-or-mac |
userlogin-secure-or-mac-ext }
Use the command...
system-view
interface interface-type
interface-number
port-security ntk-mode
{ ntk-withbroadcasts |
ntk-withmulticasts |
ntkonly }
Use the command...
system-view
interface interface-type
interface-number
port-security
intrusion-mode { blockmac |
disableport |
disableport-temporarily }
quit
port-security timer
disableport time-value
Configuring Port Security Features
Remarks
Required
By default, a port
operates in
noRestrictions mode.
Remarks
-
-
Required
Be default, NTK is disabled on
a port and all frames are
allowed to be sent.
Remarks
-
-
Required
By default, intrusion
protection is disabled.
-
Optional
20 seconds by default
1167