Configuring intrusion protection, Configuring trapping – H3C Technologies H3C S7500E Series Switches User Manual

Configuring Intrusion Protection

Intrusion protection enables a device to take one of the following actions in response to illegal frames:

• blockmac: Adds the source MAC addresses of illegal frames to the blocked MAC addresses list and discards the frames. All subsequent frames sourced from a blocked MAC address will be dropped. A blocked MAC address is restored to normal state after being blocked for three minutes. The interval is fixed and cannot be changed.

• disableport: Disables the port until you bring it up manually.

• disableport-temporarily: Disables the port for a specified period of time. The period can be configured with the port-security timer disableport command.

Follow these steps to configure the intrusion protection feature:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | |
| Enter interface view | interface interface-type interface-number | |
| Configure the intrusion protection feature | port-security intrusion-mode { blockmac \| disableport \| disableport-temporarily } | Required. By default, intrusion protection is disabled. |
| Return to system view | quit | |
| Set the silence timeout period during which a port remains disabled | port-security timer disableport time-value | Optional. 20 seconds by default. |

On a port operating in either the macAddressElseUserLoginSecure mode or the macAddressElseUserLoginSecureExt mode, intrusion protection is triggered only after both MAC authentication and 802.1X authentication for the same frame fail.
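
The following audit script is an added example, not part of the H3C manual: it reads a saved configuration and reports, per interface, the intrusion protection mode and the effective disableport timer, using the defaults stated in the table above. The configuration layout (interface blocks separated by `#`) and the sample interface names are assumptions, constructed for illustration.

```python
import re

DEFAULT_DISABLEPORT_TIMER = 20  # seconds; default stated in the table above
MODE_RE = re.compile(r"port-security intrusion-mode (blockmac|disableport(?:-temporarily)?)")

# Constructed sample in the style of a saved configuration (not from the manual).
SAMPLE_CONFIG = """\
#
 port-security timer disableport 60
#
interface GigabitEthernet2/0/1
 port-security intrusion-mode blockmac
#
interface GigabitEthernet2/0/2
 port-security intrusion-mode disableport-temporarily
#
interface GigabitEthernet2/0/3
 description uplink
#
"""

def audit_intrusion_protection(config_text):
    """Return (timer_seconds, {interface: intrusion_mode or None})."""
    timer = DEFAULT_DISABLEPORT_TIMER
    ports, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "#":                      # block separator: back to system view
            current = None
        elif m := re.fullmatch(r"interface\s+(\S.*)", line):
            current = m.group(1)
            ports[current] = None            # intrusion protection is off by default
        elif m := re.fullmatch(r"port-security timer disableport (\d+)", line):
            timer = int(m.group(1))          # set in system view, not per interface
        elif current and (m := MODE_RE.fullmatch(line)):
            ports[current] = m.group(1)
    return timer, ports

def findings(config_text):
    """List the points a reviewer would want to look at."""
    timer, ports = audit_intrusion_protection(config_text)
    out = []
    for name, mode in ports.items():
        if mode is None:
            out.append(f"{name}: intrusion protection disabled (default)")
        elif mode == "disableport-temporarily" and timer == DEFAULT_DISABLEPORT_TIMER:
            out.append(f"{name}: port re-enables after the default {timer} s")
    return out
```

Run `findings()` over the output of a configuration export to list ports that still rely on the defaults.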

Configuring Trapping

The trapping feature enables a device to send traps in response to four types of events:

• addresslearned: Learning of new MAC addresses.

• dot1xlogfailure/dot1xlogon/dot1xlogoff: 802.1X authentication failure/successful 802.1X authentication/802.1X user logoff.

• ralmlogfailure/ralmlogon/ralmlogoff: MAC authentication failure/MAC authentication user logon/MAC authentication user logoff.