Configuring intrusion protection

Intrusion protection enables a device to take one of the following actions in response to illegal frames:

On a port operating in either the macAddressElseUserLoginSecure mode or the macAddressElseUserLoginSecureExt mode, intrusion protection is triggered only after both MAC authentication and 802.1X authentication for the same frame fail.

To configure the intrusion protection feature:

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enter Layer 2 Ethernet interface view. | interface interface-type interface-number | N/A |
| 3. Configure the intrusion protection feature. | port-security intrusion-mode { blockmac \| disableport \| disableport-temporarily } | By default, intrusion protection is disabled. |
| 4. Return to system view. | quit | N/A |
| 5. Set the silence timeout period during which a port remains disabled. | port-security timer disableport time-value | Optional. 20 seconds by default. |
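Because intrusion protection is disabled by default, a saved configuration can be checked for ports that use port security but never set an intrusion mode. The script below is an added example, not part of the vendor documentation. The configuration excerpt, its layout, the interface names, the port-mode lines, and the function names `audit` and `unprotected` are all constructed for illustration.

```python
# Constructed excerpt in the style of "display current-configuration" output;
# interface names, modes and the timer value are sample data, not from the page.
SAMPLE_CONFIG = """\
#
 port-security enable
 port-security timer disableport 30
#
interface GigabitEthernet1/0/1
 port-security port-mode mac-else-userlogin-secure
 port-security intrusion-mode disableport-temporarily
#
interface GigabitEthernet1/0/2
 port-security port-mode userlogin-secure
#
interface GigabitEthernet1/0/3
 port-security port-mode userlogin-secure
 port-security intrusion-mode blockmac
#
interface GigabitEthernet1/0/4
 description uplink
#
"""

DEFAULT_SILENCE = 20  # seconds, the default stated in the table above
MODES = {"blockmac", "disableport", "disableport-temporarily"}


def audit(config: str) -> dict:
    """Return the silence timer and, per port-security port, its intrusion mode."""
    timer, ports, current = DEFAULT_SILENCE, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line == "#" or not line:
            current = None  # "#" closes the current section
        elif not raw.startswith(" ") and line.startswith("interface "):
            current = line.split(None, 1)[1]
        elif current is None:  # system-view (global) commands
            if line.startswith("port-security timer disableport "):
                timer = int(line.split()[-1])
        elif line.startswith("port-security "):
            ports.setdefault(current, None)  # port security is in use on this port
            words = line.split()
            if words[1] == "intrusion-mode" and words[-1] in MODES:
                ports[current] = words[-1]
    return {"silence_timeout": timer, "ports": ports}


def unprotected(report: dict) -> list:
    """Ports that use port security but keep the default (no intrusion action)."""
    return sorted(p for p, mode in report["ports"].items() if mode is None)
```

The silence timeout only matters for ports whose mode is `disableport-temporarily`, so a report showing that mode together with the 20-second default is worth a second look.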