3Com 5500-EI PWR Reference Manual page 185

By checking the source MAC addresses in inbound data frames, or the username and password in
802.1x authentication requests on a port, intrusion protection detects illegal packets (packets with
an illegal MAC address) or events and takes a preset action accordingly. The actions you can set include
disconnecting the port temporarily or permanently and blocking packets with invalid MAC addresses.
The following cases can trigger intrusion protection on a port:
- A packet with an unknown source MAC address is received on the port while MAC address learning is
  disabled on the port.
- A packet with an unknown source MAC address is received on the port while the number of security
  MAC addresses on the port has reached the preset maximum number.
- The user fails the 802.1x or MAC address authentication.
After you execute the port-security intrusion-mode blockmac command, the display port-security
command is the only command you can use to view blocked MAC addresses.
Related commands: display port-security, port-security timer disableport.
Examples
# Configure the intrusion protection mode on Ethernet 1/0/1 as blockmac.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] interface Ethernet 1/0/1
[Sysname-Ethernet1/0/1] port-security intrusion-mode blockmac
# Display information about blocked MAC addresses after intrusion protection is triggered.
<Sysname> display port-security
Equipment port-security is enabled
AddressLearn trap is Enabled
Intrusion trap is Enabled
Dot1x logon trap is Enabled
Dot1x logoff trap is Enabled
Dot1x logfailure trap is Enabled
RALM logon trap is Enabled
RALM logoff trap is Enabled
RALM logfailure trap is Enabled
Disableport Timeout: 20 s
OUI value:
Index is 5, OUI value is 000100
Blocked Mac info:
MAC ADDR          From Port        Vlan
--- On unit 1, 2 blocked mac address(es) found. ---
0000-0000-0003    Ethernet1/0/1    1
0000-0000-0004    Ethernet1/0/1    1
--- 2 blocked mac address(es) found. ---
Ethernet1/0/1 is link-up
Port mode is Secure
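Added example, not part of the 3Com manual: because display port-security is the only command that shows blocked MAC addresses, this Python code parses captured output into records that can be forwarded to a log pipeline, and checks the row count against the switch's own total. The sample text is constructed from the example above; the one-row-per-entry column layout and the function names are assumptions.

```python
import re

# Constructed sample, modelled on the display port-security example above.
SAMPLE = """\
 Disableport Timeout: 20 s
 Blocked Mac info:
  MAC ADDR          From Port        Vlan
 --- On unit 1, 2 blocked mac address(es) found. ---
  0000-0000-0003    Ethernet1/0/1    1
  0000-0000-0004    Ethernet1/0/1    1
 --- 2 blocked mac address(es) found. ---
 Ethernet1/0/1 is link-up
   Port mode is Secure
"""

ROW = re.compile(r"^\s*([0-9A-Fa-f]{4}(?:-[0-9A-Fa-f]{4}){2})\s+(\S+)\s+(\d+)\s*$")
TOTAL = re.compile(r"^\s*---\s*(\d+) blocked mac address\(es\) found\.\s*---\s*$")


def parse_blocked_macs(text):
    """Return (entries, reported_total) from the 'Blocked Mac info' section.

    entries is a list of dicts with keys mac, port, vlan. reported_total is
    the count from the summary line, or None if that line is missing
    (for example when the capture was cut short).
    """
    entries, total, in_section = [], None, False
    for line in text.splitlines():
        if line.strip() == "Blocked Mac info:":
            in_section = True
            continue
        if not in_section:
            continue
        m = TOTAL.match(line)
        if m:  # the overall summary line closes the section
            total = int(m.group(1))
            break
        m = ROW.match(line)  # header and per-unit lines do not match
        if m:
            mac, port, vlan = m.groups()
            entries.append({"mac": mac.lower(), "port": port, "vlan": int(vlan)})
    return entries, total


def check_consistent(text):
    """True when the number of parsed rows equals the switch's reported total."""
    entries, total = parse_blocked_macs(text)
    return total is not None and len(entries) == total
```

A False result from check_consistent means the capture was truncated or the layout differs from the assumed one, so the parsed list should not be trusted as complete.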

This manual is also suitable for:

5500-ei series