Configuring intrusion protection

Intrusion protection enables a device to take one of the following actions in response to illegal frames:

To configure the intrusion protection feature:

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enter interface view. | interface interface-type interface-number | N/A |
| 3. Configure the intrusion protection feature. | port-security intrusion-mode { blockmac \| disableport \| disableport-temporarily } | By default, intrusion protection is disabled. |
| 4. Return to system view. | quit | N/A |
| 5. (Optional.) Set the silence timeout period during which a port remains disabled. | port-security timer disableport time-value | By default, the port silence timeout is 20 seconds. |


NOTE:

On a port operating in either macAddressElseUserLoginSecure mode or macAddressElseUserLoginSecureExt mode, intrusion protection is triggered only after both MAC authentication and 802.1X authentication fail for the same frame.
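The procedure above as one CLI session. This is an added example, not part of the original document: the device name Sysname, the interface GigabitEthernet 1/0/1, and the 30-second timer value are assumptions chosen for illustration.

```text
# Constructed example session; Sysname, the interface, and the value 30 are assumed.

# Step 1: enter system view.
<Sysname> system-view

# Step 2: enter the view of the port to protect.
[Sysname] interface gigabitethernet 1/0/1

# Step 3: shut the port down temporarily when an illegal frame is received.
[Sysname-GigabitEthernet1/0/1] port-security intrusion-mode disableport-temporarily

# Step 4: return to system view.
[Sysname-GigabitEthernet1/0/1] quit

# Step 5 (optional): raise the silence timeout from the default 20 seconds to 30.
# The timer is set in system view, so it is not configured per port.
[Sysname] port-security timer disableport 30

# Check the result: review the port security settings applied to the port.
[Sysname] display port-security interface gigabitethernet 1/0/1
```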