Configuring port security features, Configuring the ntk feature, Configuring intrusion protection – H3C Technologies H3C S3600 Series Switches User Manual

1-11

Configuring Port Security Features

Configuring the NTK feature

Follow these steps to configure the NTK feature:

To do...

Use the command...

Remarks

Enter system view

system-view

—

Enter Ethernet port view

interface interface-type
interface-number

—

Configure the NTK feature

port-security ntk-mode
{ ntkonly |
ntk-withbroadcasts |
ntk-withmulticasts }

Required

By default, NTK is disabled on
a port, namely all frames are
allowed to be sent.

Configuring intrusion protection

Follow these steps to configure the intrusion protection feature:

To do...

Use the command...

Remarks

Enter system view

system-view

—

Enter Ethernet port view

interface interface-type
interface-number

—

Set the corresponding action to
be taken by the switch when
intrusion protection is triggered

port-security intrusion-mode
{ blockmac | disableport |
disableport-temporarily }

Required

By default, intrusion
protection is disabled.

Return to system view

quit

—

Set the timer during which the
port remains disabled

port-security timer disableport
timer

Optional

20 seconds by default

The port-security timer disableport command is used in conjunction with the port-security

intrusion-mode disableport-temporarily command to set the length of time period during which the

port remains disabled.

If you configure the NTK feature and execute the port-security intrusion-mode blockmac command

on the same port, the switch will be unable to disable the packets whose destination MAC address is

illegal from being sent out that port; that is, the NTK feature configured will not take effect on the packets

whose destination MAC address is illegal.