port-security intrusion-mode
Syntax
port-security intrusion-mode { blockmac | disableport | disableport-temporarily }
undo port-security intrusion-mode
View
Layer 2 Ethernet interface view
Default level
2: System level
Parameters
blockmac: Adds the source MAC addresses of illegal frames to the blocked MAC address list and discards frames with blocked source MAC addresses. This implements illegal traffic filtering on the port. A blocked MAC address is restored to normal after being blocked for three minutes, which is fixed and cannot be changed. To view the blocked MAC address list, use the display port-security mac-address block command.
disableport: Disables the port permanently upon detecting an illegal frame received on the port.
disableport-temporarily: Disables the port for a specific period of time whenever it receives an illegal frame. Use port-security timer disableport to set the period.
Description
Use port-security intrusion-mode to configure the intrusion protection feature so that the port takes the pre-defined actions when intrusion protection is triggered on the port.
Use undo port-security intrusion-mode to restore the default.
By default, intrusion protection is disabled.
To restore the connection of the port, use the undo shutdown command.
Related commands: display port-security, display port-security mac-address block, and port-security timer disableport.
Examples
# Configure port Ethernet 1/0/1 to block the source MAC addresses of illegal frames after intrusion protection is triggered.
<Sysname> system-view [Sysname] interface ethernet 1/0/1 [Sysname-Ethernet1/0/1] port-security intrusion-mode blockmac