Command Manual – Port Security & Port Binding
Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 Port Security Commands
Huawei Technologies Proprietary
1-7
Note:
You can use the port-security timer disableport command to set the time period
during which the port is disconnected in the disableport-temporarily mode
Description
Use the port-security intrusion-mode command to set the corresponding action to be
taken by the device when the Intrusion Protection feature is enabled.
Use the undo port-security intrusion-mode command to cancel the corresponding
action that has been set.
By default, no action is set to be taken by the device when the Intrusion Protection
feature is enabled.
Note:
By checking the source MAC addresses or the username and password for 802.1x
authentication in the inbound packets through a given port, intrusion protection detects
illegal packets and events and takes actions accordingly. These include disconnecting
ports temporarily/permanently and filtering packets with the MAC address, thereby
ensuring port security.
Intrusion Protection is enabled in the following cases:
z With MAC address learning disabled, the port receives the packets whose source
address is an unknown MAC address.
z When the number of MAC addresses that can be received through the port reaches
the preset maximum value, the port receives the packets whose source address is
an unknown MAC address.
z The user fails to pass 802.1x authentication or MAC address authentication.
After you have issued the intrusion-mode blockmac command, you can only use the
display port-security command to display blocked MAC addresses, which cannot be
configured as static MAC addresses again.
Example
# Enter system view.
<Quidway> system-view
System View: return to User View with Ctrl+Z.
# Enable port security.
[Quidway] port-security enable
To Next Page
Loading...
