Configuring secure mac addresses – H3C Technologies H3C S6300 Series Switches User Manual

A blocked MAC address is restored to normal state after being blocked for 3 minutes. The interval is fixed and cannot be changed.

disableport—Disables the port until you bring it up manually.

disableport-temporarily—Disables the port for a specific period of time. The period can be configured with the port-security timer disableport command.

To configure the intrusion protection feature:

| Step | Command | Remarks |
|------|---------|---------|
| 1. Enter system view. | system-view | N/A |
| 2. Enter Layer 2 Ethernet interface view. | interface interface-type interface-number | N/A |
| 3. Configure the intrusion protection feature. | port-security intrusion-mode { blockmac \| disableport \| disableport-temporarily } | By default, intrusion protection is disabled. |
| 4. Return to system view. | quit | N/A |
| 5. (Optional.) Set the silence timeout period during which a port remains disabled. | port-security timer disableport time-value | By default, the port silence timeout is 20 seconds. |

NOTE:

On a port operating in either macAddressElseUserLoginSecure mode or macAddressElseUserLoginSecureExt mode, intrusion protection is triggered only after both MAC authentication and 802.1X authentication fail for the same frame.
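
The defaults in the procedure above (protection disabled, 20-second silence timeout, fixed 3-minute MAC block) decide how each port reacts to an intrusion, so they are worth checking against a saved configuration. The following Python audit is an added example, not part of the H3C manual; the configuration layout and interface names in the sample are constructed assumptions, and only the two port-security commands from the table are parsed.

```python
import re

DEFAULT_SILENCE_S = 20   # manual: default port silence timeout
BLOCKMAC_S = 180         # manual: blocked MAC restored after 3 minutes (fixed)

# Constructed sample; layout (interface line, indented port commands,
# "#" between sections) and interface names are assumptions.
SAMPLE_CONFIG = """\
#
 port-security timer disableport 60
#
interface Ten-GigabitEthernet1/0/1
 port-security intrusion-mode blockmac
#
interface Ten-GigabitEthernet1/0/2
 port-security intrusion-mode disableport
#
interface Ten-GigabitEthernet1/0/3
 port-security intrusion-mode disableport-temporarily
#
interface Ten-GigabitEthernet1/0/4
 description uplink
#
"""

MODE_RE = re.compile(
    r"port-security intrusion-mode (blockmac|disableport|disableport-temporarily)")
TIMER_RE = re.compile(r"port-security timer disableport (\d+)")


def effective_intrusion_actions(config_text):
    """Map each interface to (mode, recovery): seconds, 'manual' or None."""
    silence, modes, current = DEFAULT_SILENCE_S, {}, None
    for line in (raw.strip() for raw in config_text.splitlines()):
        if line == "#":
            current = None                      # section boundary
        elif m := TIMER_RE.fullmatch(line):
            silence = int(m.group(1))           # global silence timeout
        elif line.startswith("interface "):
            current = line.split(None, 1)[1]
            modes[current] = None               # default: protection disabled
        elif (m := MODE_RE.fullmatch(line)) and current:
            modes[current] = m.group(1)
    recovery = {None: None, "blockmac": BLOCKMAC_S,
                "disableport": "manual", "disableport-temporarily": silence}
    return {port: (mode or "disabled", recovery[mode])
            for port, mode in modes.items()}


if __name__ == "__main__":
    for port, (mode, rec) in effective_intrusion_actions(SAMPLE_CONFIG).items():
        print(f"{port}: {mode}, recovery={rec}")
```

Ports reported as "disabled" take no action on illegal frames, and ports reported with "manual" recovery stay down until an operator brings them up.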

Configuring secure MAC addresses

Secure MAC addresses are configured or learned in autoLearn mode. If they are saved, they can survive a device reboot. You can bind a secure MAC address to only one port in a VLAN. Secure MAC addresses include static and sticky secure MAC addresses.

Table 6 A comparison of static and sticky secure MAC addresses

| Type | Address sources | Aging mechanism | Can be saved and survive a device reboot? |
|------|-----------------|-----------------|-------------------------------------------|
| Static | Manually added | Not available. They never age out unless you manually remove them, change the port security mode, or disable the port security feature. | Yes. |
| Sticky | Manually added or automatically learned by ports | Sticky MAC addresses by default do not age out, but you can configure an aging timer to delete old sticky MAC addresses. If you set the aging timer to 0, sticky MAC addresses never age out. | Yes. The aging timer restarts at a reboot. |