Port-Security Intrusion-Mode - 3Com 5500-EI PWR Reference Manual

authentication of a user fails, the blocking MAC address feature will be triggered and packets of the
user will be dropped, making the user unable to access the guest VLAN.
Examples
# Set the security mode of port Ethernet 1/0/1 to macAddressOrUserLoginSecure, and specify VLAN
100 as the guest VLAN of the port.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] interface Ethernet 1/0/1
[Sysname-Ethernet1/0/1] port-security port-mode userlogin-secure-or-mac
[Sysname-Ethernet1/0/1] port-security guest-vlan 100

port-security intrusion-mode

Syntax
port-security intrusion-mode { blockmac | disableport | disableport-temporarily }
undo port-security intrusion-mode
View
Ethernet port view
Parameters
blockmac: Adds the source MAC addresses of illegal packets to the blocked MAC address list. As a
result, the packets sourced from the blocked MAC addresses will be filtered out. A blocked MAC
address will be unblocked three minutes (not user configurable) after the block action.
disableport: Disables a port permanently once an illegal frame or event is detected on it.
disableport-temporarily: Disables a port for a specified period of time after an illegal frame or event is
detected on it. You can set the period with the port-security timer disableport command.
Description
Use the port-security intrusion-mode command to set intrusion protection.
Use the undo port-security intrusion-mode command to disable intrusion protection.
By default, intrusion protection is not configured.
1-9