Port-Security Intrusion-Mode - HP 3600 v2 Series Command Reference Manual

Default level
2: System level
Parameters
None
Description
Use the port-security enable command to enable port security.
Use the undo port-security enable command to disable port security.
By default, port security is disabled.
You must disable global 802.1X and MAC authentication before you enable port security on a port.
Enabling or disabling port security resets the following security settings to the default:
802.1X access control mode is MAC-based, and the port authorization state is auto.
•
Port security mode is noRestrictions.
•
You cannot disable port security when online users are present.
Related commands: display port-security, dot1x, dot1x port-method, dot1x port-control, and
mac-authentication.
Examples
# Enable port security.
<Sysname> system-view
[Sysname] port-security enable

port-security intrusion-mode

Syntax
port-security intrusion-mode { blockmac | disableport | disableport-temporarily }
undo port-security intrusion-mode
View
Layer 2 Ethernet interface view
Default level
2: System level
Parameters
blockmac: Adds the source MAC addresses of illegal frames to the blocked MAC address list and
discards frames with blocked source MAC addresses. This implements illegal traffic filtering on the port.
A blocked MAC address is restored to normal after being blocked for three minutes, which is fixed and
cannot be changed. To view the blocked MAC address list, use the display port-security mac-address
block command.
disableport: Disables the port permanently upon detecting an illegal frame received on the port.
disableport-temporarily: Disables the port for a specific period of time whenever it receives an illegal
frame. Use the port-security timer disableport command to set the period.
175