3Com S7906E Installation Instructions

blockmac: Adds the source MAC addresses of illegal frames to the blocked MAC addresses list and discards frames with blocked source MAC addresses. A blocked MAC address is restored to normal after being blocked for three minutes, which is fixed and cannot be changed.
disableport: Disables the port permanently.
disableport-temporarily: Disables the port for a specified period of time. Use the port-security timer disableport command to set the period.
Follow these steps to configure the intrusion protection feature: 
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Enter interface view | interface interface-type interface-number | — |
| Configure the intrusion protection feature | port-security intrusion-mode { blockmac \| disableport \| disableport-temporarily } | Required. By default, intrusion protection is disabled. |
| Return to system view | quit | — |
| Set the silence timeout during which a port remains disabled | port-security timer disableport time-value | Optional. 20 seconds by default. |
 
 
On a port operating in either the macAddressElseUserLoginSecure mode or the 
macAddressElseUserLoginSecureExt mode, intrusion protection is triggered only after both MAC 
authentication and 802.1X authentication for the same frame fail.  
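
The difference between the three modes is easiest to see on a timeline. The following Python model is an added illustration, not 3Com code or device output; the allowed-MAC set stands in for the port's own decision about which frames are illegal, the MAC addresses and timings are constructed, and it assumes a block or disable period is not extended by frames that arrive while it is active.

```python
# Added model of the three intrusion modes described above; not 3Com code.
BLOCKMAC_SECONDS = 180            # fixed three-minute block, per the text
DEFAULT_DISABLEPORT_SECONDS = 20  # default of "port-security timer disableport"
GOOD, BAD = "0001-0001-0001", "0002-0002-0002"   # constructed MAC addresses

class Port:
    def __init__(self, mode, allowed_macs, disable_seconds=DEFAULT_DISABLEPORT_SECONDS):
        self.mode = mode
        self.allowed = set(allowed_macs)  # assumption: stands in for the legality check
        self.disable_seconds = disable_seconds
        self.blocked = {}                 # source MAC -> time its block expires
        self.down_until = None            # None = port up, inf = disabled permanently

    def receive(self, now, src_mac):
        """Return 'forward' or 'discard' for a frame seen at time `now` (seconds)."""
        if self.down_until is not None:
            if now < self.down_until:
                return "discard"          # a disabled port accepts nothing
            self.down_until = None        # silence timeout has elapsed
        expiry = self.blocked.get(src_mac)
        if expiry is not None:
            if now < expiry:
                return "discard"          # still on the blocked MAC list
            del self.blocked[src_mac]     # restored to normal after the block
        if src_mac in self.allowed:
            return "forward"
        # Illegal frame: apply the configured intrusion mode.
        if self.mode == "blockmac":
            self.blocked[src_mac] = now + BLOCKMAC_SECONDS
        elif self.mode == "disableport":
            self.down_until = float("inf")
        elif self.mode == "disableport-temporarily":
            self.down_until = now + self.disable_seconds
        else:
            raise ValueError(f"unknown intrusion mode: {self.mode}")
        return "discard"

# Constructed timeline: (seconds, source MAC)
EVENTS = [(0, GOOD), (10, BAD), (15, GOOD), (40, GOOD), (200, BAD)]

def replay(mode, events=EVENTS, **kwargs):
    port = Port(mode, allowed_macs={GOOD}, **kwargs)
    return [port.receive(t, mac) for t, mac in events]

if __name__ == "__main__":
    for mode in ("blockmac", "disableport", "disableport-temporarily"):
        print(f"{mode:24}", replay(mode))
```

In the model, blockmac keeps the legitimate station connected throughout, while either disableport mode also drops its frames for as long as the port is down.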
 
Configuring Trapping 
The trapping feature enables a device to send trap information in response to four types of events: 
addresslearned: Learning of a new address. 
dot1xlogfailure/dot1xlogon/dot1xlogoff: 802.1x authentication failure/successful 802.1x authentication/802.1x user logoff.
ralmlogfailure/ralmlogoff: MAC authentication failure/MAC authentication user logoff. 
intrusion: Finding of illegal frames. 
Follow these steps to configure port security trapping: 
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Enable port security traps | port-security trap { addresslearned \| dot1xlogfailure \| dot1xlogoff \| dot1xlogon \| intrusion \| ralmlogfailure \| ralmlogoff \| ralmlogon } | Required. By default, no port security trap is enabled. |