1-8
Configuring intrusion protection
Follow these steps to configure the intrusion protection feature:
To do... Use the command... Remarks
Enter system view
system-view
—
Enter Ethernet port view
interface interface-type
interface-number
—
Set the corresponding action to
be taken by the switch when
intrusion protection is triggered
port-security intrusion-mode
{ blockmac | disableport |
disableport-temporarily }
Required
By default, intrusion
protection is disabled.
Return to system view
quit
—
Set the timer during which the
port remains disabled
port-security timer disableport
timer
Optional
20 seconds by default
The port-security timer disableport command is used in conjunction with the port-security
intrusion-mode disableport-temporarily command to set the length of time during which the port
remains disabled.
If you configure the NTK feature and execute the port-security intrusion-mode blockmac command
on the same port, the switch will be unable to disable the packets whose destination MAC address is
illegal from being sent out that port; that is, the NTK feature configured will not take effect on the packets
whose destination MAC address is illegal.
Configuring the Trap feature
Follow these steps to configure port security trapping:
To do... Use the command... Remarks
Enter system view
system-view
—
Enable sending traps for the
specified type of event
port-security trap { addresslearned |
dot1xlogfailure | dot1xlogoff | dot1xlogon |
intrusion | ralmlogfailure | ralmlogoff |
ralmlogon }
Required
By default, no
trap is sent.
Ignoring the Authorization Information from the RADIUS Server
After an 802.1x user or MAC-authenticated user passes Remote Authentication Dial-In User Service
(RADIUS) authentication, the RADIUS server delivers the authorization information to the device. You
can configure a port to ignore the authorization information from the RADIUS server.
To Next Page
Loading...
