Port-Security Mac-Address Aging-Type Inactivity - H3C MSR Series Command Reference Manual

Views
Layer 2 Ethernet interface view
Predefined user roles
network-admin
Parameters
blockmac: Adds the source MAC addresses of illegal frames to the blocked MAC address list and
discards frames with blocked source MAC addresses. This action implements illegal traffic filtering
on the port. A blocked MAC address is restored to normal after being blocked for 3 minutes, which is
not user configurable. To display the blocked MAC address list, use the display port-security
mac-address block command.
disableport: Disables the port permanently upon detecting an illegal frame received on the port.
disableport-temporarily: Disables the port for a period of time whenever it receives an illegal frame.
You can use the port-security timer disableport command to set the period.
Usage guidelines
This command is supported only on the following ports:
•
Layer 2 Ethernet ports on the following modules:
HMIM-8GSW.

HMIM-24GSW.

HMIM-24GSWP.

SIC-4GSW.

•
Fixed Layer 2 Ethernet ports on the following routers:
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-LM-HK/810-W-LM-HK/810-10-PoE/81

0-LMS/810-LUS.
MSR2600-10-X1.

MSR3600-28/3600-51.

MSR3600-28-SI/3600-51-SI.

To restore the connection of the port disabled by the intrusion protection feature, use the undo
shutdown command.
Examples
# Configure GigabitEthernet 1/0/1 to block the source MAC addresses of illegal frames after intrusion
protection detects the illegal frames.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] port-security intrusion-mode blockmac
Related commands
display port-security
display port-security mac-address block
port-security timer disableport

port-security mac-address aging-type inactivity

Use port-security mac-address aging-type inactivity to enable inactivity aging for secure MAC
addresses.
Use undo port-security mac-address aging-type inactivity to disable inactivity aging for secure
MAC addresses.
216