Configuring intrusion protection

About intrusion protection

Intrusion protection enables a device to take one of the following actions in response to illegal frames:

Restrictions and guidelines

On a port operating in either macAddressElseUserLoginSecure mode or macAddressElseUserLoginSecureExt mode, intrusion protection is triggered only after both MAC authentication and 802.1X authentication fail for the same frame.

Procedure

  1. Enter system view.

    system-view

  2. Enter interface view.

    interface interface-type interface-number

  3. Configure the intrusion protection feature.

    port-security intrusion-mode { blockmac | disableport | disableport-temporarily }

    By default, intrusion protection is disabled.

  4. (Optional.) Set the silence timeout period during which a port remains disabled.

    1. quit

    2. port-security timer disableport time-value

    By default, the port silence timeout period is 20 seconds.