Configuring intrusion protection
About intrusion protection
Intrusion protection enables a device to take one of the following actions in response to illegal frames:
blockmac—Adds the source MAC addresses of illegal frames to the blocked MAC address list and discards the frames. All subsequent frames sourced from a blocked MAC address are dropped. A blocked MAC address is restored to normal state after being blocked for 3 minutes. The interval is fixed and cannot be changed.
disableport—Disables the port until you bring it up manually.
disableport-temporarily—Disables the port for a period of time. The period can be configured with the port-security timer disableport command.
Restrictions and guidelines
On a port operating in either macAddressElseUserLoginSecure mode or macAddressElseUserLoginSecureExt mode, intrusion protection is triggered only after both MAC authentication and 802.1X authentication fail for the same frame.
Procedure
1. Enter system view.
   system-view
2. Enter interface view.
   interface interface-type interface-number
3. Configure the intrusion protection feature.
   port-security intrusion-mode { blockmac | disableport | disableport-temporarily }
   By default, intrusion protection is disabled.
4. (Optional.) Set the silence timeout period during which a port remains disabled. The quit command leaves interface view before the timer is set.
   quit
   port-security timer disableport time-value
   By default, the port silence timeout period is 20 seconds.
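The intrusion mode is set per interface, while the disableport timer is set after quitting interface view, so the effective response on a port depends on two places in the configuration. The following added example (not part of the original documentation) reads a saved configuration and reports, for each interface, the configured action and how long it lasts. The sample text, its `#`-separated layout and the interface names are constructed assumptions.

```python
import re

DEFAULT_DISABLEPORT_S = 20   # default silence timeout stated in the procedure
BLOCKMAC_S = 180             # fixed 3-minute blockmac interval stated above

# Constructed sample, not output from a real device. The "#"-separated layout
# and the interface names are assumptions made for this example.
SAMPLE = """\
#
 port-security timer disableport 60
#
interface GigabitEthernet1/0/1
 port-security intrusion-mode blockmac
#
interface GigabitEthernet1/0/2
#
interface GigabitEthernet1/0/3
 port-security intrusion-mode disableport-temporarily
#
interface GigabitEthernet1/0/4
 port-security intrusion-mode disableport
#
"""

MODE_RE = re.compile(
    r"port-security intrusion-mode (blockmac|disableport|disableport-temporarily)")
TIMER_RE = re.compile(r"port-security timer disableport (\d+)")

def effective_intrusion_response(config):
    """Map each interface to (mode, seconds); seconds is None when not timed."""
    timer = DEFAULT_DISABLEPORT_S
    modes, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            modes[current] = None            # intrusion protection is off by default
        elif line == "#":
            current = None                   # end of the interface block
        elif current is None and (m := TIMER_RE.fullmatch(line)):
            timer = int(m.group(1))          # set outside interface view, applies to all ports
        elif current and (m := MODE_RE.fullmatch(line)):
            modes[current] = m.group(1)
    seconds = {"blockmac": BLOCKMAC_S, "disableport-temporarily": timer}
    return {port: (mode, seconds.get(mode)) for port, mode in modes.items()}

if __name__ == "__main__":
    for port, (mode, secs) in effective_intrusion_response(SAMPLE).items():
        print(f"{port}: mode={mode or 'disabled'} duration_s={secs}")
```

A port reported with mode `disableport` has no duration because it stays down until it is brought up manually; a port with no mode line has intrusion protection disabled.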