The intrusion protection feature checks the source MAC addresses in inbound frames and takes a
pre-defined action accordingly upon detecting illegal frames. The action may be disabling the port
temporarily, disabling the port permanently, or blocking frames from the MAC address for three minutes
The trap feature enables the device to send trap messages upon detecting specified frames that result
from, for example, intrusion or user login/logout operations, helping you monitor special activities.
Port Security Modes
The port security modes can be two types:
Control of MAC addresses learning: Contains two modes. MAC address learning is permitted on a
port in one mode and disabled in the other mode. Authentication is not involved.
Authentication: Security modes of this type use MAC authentication, or 802.1X authentication or
their combinations to implement authentication.
Upon receiving a packet, the port in a security mode searches the MAC address table for the source
MAC address. If a match is found, the port forwards the packet. If no match is found, the port learns the
MAC address or performs authentication according to the security mode. Upon detecting illegal packets
or events, the port takes the pre-defined action configured in NTK, intrusion protection or trap sending.
describes the port security modes and the security features.
Table 1-1 Port security modes
On the port, if you want to...
Use the default
Control MAC address learning
Perform 802.1X authentication
Perform MAC authentication
Perform a combination of MAC
authentication and 802.1X
Use the security mode...
In this mode, port security is disabled on the port and
access to the port is not restricted.