3com 5500-ei pwr Installation Instruction
1-8
To do...
Use the command...
Remarks
Set the timer during which the
port remains disabled
port remains disabled
port-security timer disableport
timer
timer
Optional
20 seconds by default
The port-security timer disableport command is used in conjunction with the port-security
intrusion-mode disableport-temporarily command to set the length of time during which the port
remains disabled.
If you configure the NTK feature and execute the port-security intrusion-mode blockmac command
on the same port, the switch will be unable to disable the packets whose destination MAC address is
illegal from being sent out that port; that is, the NTK feature configured will not take effect on the packets
whose destination MAC address is illegal.
Configuring the Trap feature
Follow these steps to configure port security trapping:
To do...
Use the command...
Remarks
Enter system view
system-view
—
Enable sending traps for the
specified type of event
specified type of event
port-security trap { addresslearned |
dot1xlogfailure | dot1xlogoff | dot1xlogon |
intrusion | ralmlogfailure | ralmlogoff |
ralmlogon }
dot1xlogfailure | dot1xlogoff | dot1xlogon |
intrusion | ralmlogfailure | ralmlogoff |
ralmlogon }
Required
By default, no
trap is sent.
trap is sent.
Configuring Guest VLAN for a Port in macAddressOrUserLoginSecure mode
Users fails the authentication can access certain specified VLAN. This VLAN is called guest VLAN. For
details about guest VLAN, refer to the sections covering 802.1x and System-Guard.
A port in macAddressOrUserLoginSecure mode supports guest VLAN configurations. The port can
connect multiple users; but services only one user at a time.
1) When the first user of the port initiates 802.1x or MAC address authentication:
z
If the user fails the authentication, the port is added to the guest VLAN, and all the other users of
the port are authorized to access the guest VLAN.
z
If the user passes the authentication, authentication requests from other users are not handled
because only one user is allowed to pass authentication using the port. The other users will fail the
authentication, but the port will not be added to the guest VLAN.
2) After the port is added to the guest VLAN: