Overview

A port interrupted with unauthorized mac-address or invalid user is blocked and goes to nonresponding status. The disable timer starts after intrusion detection when the port is in nonresponding state. The port security auto recovery feature allows the interface or port to automatically come up after the timer expires. Static, configured, port-access learn mode, and limited continuous modes can be configured with disable timer.

NOTE:
  • If you configure the value of disable-timer as zero, the timer is disabled.
  • In continuous mode, the send-disable action cannot be configured, and you cannot set the disable timer.
  • When port-security is enabled with MAC, LOCAL-MAC, and dot1x, only port-access learn mode must be enabled.

Prerequisites:

  • Set the action for disable-timer to send-disable.
  • The disable-timer must be enabled manually by the user for the port.

Requirements:

  • dot1x client
  • mac client
  • Switch
  • Windows

Limitations:

  • The disable-timer must be enabled manually by the user for the port.
  • If the port is nonfunctional, you cannot change the disable-timer value. You can configure the disable-timer with value to zero.
  • You cannot execute the port-securtiy <port-num> disable-timer<Value> command, if the port goes to nonresponding state.