• dot1x port-control
• dot1x port-method
• mac-authentication
port-security intrusion-mode
Use port-security intrusion-mode to configure the intrusion protection feature so the port takes the
predefined actions when intrusion protection detects illegal frames on the port.
Use undo port-security intrusion-mode to restore the default.
Syntax
port-security intrusion-mode { blockmac | disableport | disableport-temporarily }
undo port-security intrusion-mode
Default
Intrusion protection is disabled.
Views
Ethernet interface view
Predefined user roles
network-admin
Parameters
blockmac: Adds the source MAC addresses of illegal frames to the blocked MAC address list and
discards frames with blocked source MAC addresses. This action implements illegal traffic filtering on the
port. A blocked MAC address is restored to normal after being blocked for three minutes, which is not
user configurable. To view the blocked MAC address list, use the display port-security mac-address
block command.
disableport: Disables the port permanently upon detecting an illegal frame received on the port.
disableport-temporarily: Disables the port for a specific period of time whenever it receives an illegal
frame. Use port-security timer disableport to set the period.
Usage guidelines
To restore the connection of the port disabled by the intrusion protection feature, use the undo shutdown
command.
Examples
# Configure port Ten-GigabitEthernet 1/0/1 to block the source MAC addresses of illegal frames after
intrusion protection detects the illegal frames.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] port-security intrusion-mode blockmac
124
To Next Page
Loading...
Need help?
General
