Port Security Modes - H3C S5600 Series Operation Manual
Hide thumbs
Also See for H3C S5600 Series:
- Operation manual (1218 pages) ,
- Configuration (313 pages) ,
- Operation manual (1096 pages)
Table of Contents
Advertisement
Operation Manual – Port Security-Port Binding
H3C S5600 Series Ethernet Switches
Intrusion protection feature: By checking the source MAC addresses in inbound
data frames or the username and password in 802.1x authentication requests on
the port, intrusion protection detects illegal packets or events and takes a pre-set
action accordingly. The actions you can set include: disconnecting the port
temporarily/permanently, and blocking packets with the MAC address specified as
illegal.
Trap feature: When special data packets (generated from illegal intrusion,
abnormal login/logout or other special activities) are passing through the switch
port, Trap feature enables the switch to send Trap messages to help the network
administrator monitor special activities.
1.1.3 Port Security Modes
Table 1-1
Table 1-1 Description of port security modes
Security mode
noRestriction
autolearn
secure
userlogin
describes the available port security modes:
In this mode, access to the port is not
restricted.
In this mode, the port automatically
learns MAC addresses and changes
them to security MAC addresses.
This security mode will automatically
change to the secure mode after the
amount of security MAC addresses on
the port reaches the maximum number
configured with the port-security
max-mac-count command.
After the port security mode is
changed to the secure mode, only
those packets whose source MAC
addresses are security MAC
addresses learned or dynamic MAC
addresses configured can pass
through the port.
In this mode, the port is disabled from
learning MAC addresses.
Only those packets whose source
MAC addresses are security MAC
addresses learned and static or
dynamic MAC addresses can pass
through the port.
In this mode, port-based 802.1x
authentication is performed for access
users.
Chapter 1 Port Security Configuration
Description
1-2
Feature
In this mode, neither
the NTK nor the
intrusion protection
feature is triggered.
In either mode, the
device will trigger
NTK and intrusion
protection upon
detecting an illegal
packet.
In this mode, neither
NTK nor intrusion
protection will be
triggered.
Advertisement
Chapters
Table of Contents
Troubleshooting
