Configuring intrusion protection
Intrusion protection enables a device to take one of the following actions in response to illegal frames:
- blockmac—Adds the source MAC addresses of illegal frames to the blocked MAC addresses list and discards the frames. All subsequent frames sourced from a blocked MAC address are dropped. A blocked MAC address is restored to normal state after being blocked for 3 minutes. The interval is fixed and cannot be changed.
- disableport—Disables the port until you bring it up manually.
- disableport-temporarily—Disables the port for a specific period of time. The period can be configured with the port-security timer disableport command.
On a port operating in either the macAddressElseUserLoginSecure mode or the macAddressElseUserLoginSecureExt mode, intrusion protection is triggered only after both MAC authentication and 802.1X authentication fail for the same frame.
To configure the intrusion protection feature:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter Layer 2 Ethernet interface view. | interface interface-type interface-number | N/A |
3. Configure the intrusion protection feature. | port-security intrusion-mode { blockmac \| disableport \| disableport-temporarily } | By default, intrusion protection is disabled. |
4. Return to system view. | quit | N/A |
5. Set the silence timeout period during which a port remains disabled. | port-security timer disableport time-value | Optional. 20 seconds by default. |
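A worked configuration session, added here as an example and not taken from the original page: it applies the five steps above to a hypothetical port GigabitEthernet 1/0/1, chooses disableport-temporarily, and raises the silence timer from the 20-second default to 300 seconds so that a port hit by illegal frames stays down long enough to be noticed. It assumes port security is already enabled globally with port-security enable and that the device supports display port-security for verification; neither command is covered by the page. Lines starting with # are annotations, not CLI input.

```text
# Enter system view (step 1).
<Sysname> system-view
# Assumption: port security must be enabled globally before intrusion protection takes effect.
[Sysname] port-security enable
# Enter the interface view of the access port (step 2).
[Sysname] interface gigabitethernet 1/0/1
# Step 3: shut the port down temporarily on an illegal frame instead of
# blocking only the offending MAC address (blockmac) or requiring a manual
# recovery (disableport).
[Sysname-GigabitEthernet1/0/1] port-security intrusion-mode disableport-temporarily
# Step 4: return to system view.
[Sysname-GigabitEthernet1/0/1] quit
# Step 5: the timer is global, not per port. The 20-second default is short;
# 300 seconds gives operators time to see the event before the port recovers.
[Sysname] port-security timer disableport 300
# Assumed verification command: confirm the intrusion mode on the port.
[Sysname] display port-security interface gigabitethernet 1/0/1
```

Because the timer is set in system view, it applies to every port using disableport-temporarily; choose a value that fits all of them rather than the single port configured here.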