3com 4210 PWR 9-Port 3CR17341-91-ME 用户手册
产品代码
3CR17341-91-ME
Port Security Configuration
127
■
After you set the port security mode to autolearn, you cannot configure any
static or blackhole MAC addresses on the port.
static or blackhole MAC addresses on the port.
■
If the port is in a security mode other than noRestriction, before you can
change the port security mode, you need to restore the port security mode to
noRestriction with the undo port-security port-mode command.
change the port security mode, you need to restore the port security mode to
noRestriction with the undo port-security port-mode command.
If the port-security port-mode mode command has been executed on a port,
none of the following can be configured on the same port:
none of the following can be configured on the same port:
■
Maximum number of MAC addresses that the port can learn
■
Reflector port for port mirroring
■
Link aggregation
Configuring Port
Security Features
Configuring the NTK feature
Configuring intrusion protection
n
The port-security timer disableport command is used in conjunction with the
port-security intrusion-mode disableport-temporarily command to set the
length of time during which the port remains disabled.
port-security intrusion-mode disableport-temporarily command to set the
length of time during which the port remains disabled.
c
Caution: If you configure the NTK feature and execute the port-security
intrusion-mode blockmac command on the same port, the switch will be unable
to disable the packets whose destination MAC address is illegal from being sent
out that port; that is, the NTK feature configured will not take effect on the
packets whose destination MAC address is illegal.
intrusion-mode blockmac command on the same port, the switch will be unable
to disable the packets whose destination MAC address is illegal from being sent
out that port; that is, the NTK feature configured will not take effect on the
packets whose destination MAC address is illegal.
Table 82 Configure the NTK feature
Operation
Command
Remarks
Enter system view
system-view
-
Enter Ethernet port view
interface interface-type
interface-number
interface-number
-
Configure the NTK feature
port-security ntk-mode {
ntkonly |
ntk-withbroadcasts |
ntk-withmulticasts }
ntkonly |
ntk-withbroadcasts |
ntk-withmulticasts }
Required
Be default, NTK is disabled on
a port, namely all frames are
allowed to be sent.
a port, namely all frames are
allowed to be sent.
Table 83 Configure the intrusion protection feature
Operation
Command
Remarks
Enter system view
system-view
-
Enter Ethernet port view
interface interface-type
interface-number
interface-number
-
Set the corresponding action
to be taken by the switch
when intrusion protection is
triggered
to be taken by the switch
when intrusion protection is
triggered
port-security
intrusion-mode { blockmac
| disableport |
disableport-temporarily}
intrusion-mode { blockmac
| disableport |
disableport-temporarily}
Required
By default, intrusion
protection is disabled.
protection is disabled.
Return to system view
quit
-
Set the timer during which
the port remains disabled
the port remains disabled
port-security timer
disableport timer
disableport timer
Optional
20 seconds by default