Configuring port security features, Configuring the ntk feature, Configuring intrusion protection – H3C Technologies H3C S3100 Series Switches User Manual

1-7

If the port-security port-mode mode command has been executed on a port, none of the following can

be configured on the same port:

z

Maximum number of MAC addresses that the port can learn

z

Reflector port for port mirroring

z

Link aggregation

Configuring Port Security Features

Configuring the NTK feature

Follow these steps to configure the NTK feature:

To do...

Use the command...

Remarks

Enter system view

system-view

—

Enter Ethernet port view

interface interface-type
interface-number

—

Configure the NTK feature

port-security ntk-mode
{ ntkonly |
ntk-withbroadcasts |
ntk-withmulticasts }

Required

By default, NTK is disabled on
a port, namely all frames are
allowed to be sent.

Configuring intrusion protection

Follow these steps to configure the intrusion protection feature:

To do...

Use the command...

Remarks

Enter system view

system-view

—

Enter Ethernet port view

interface interface-type
interface-number

—

Set the corresponding action to
be taken by the switch when
intrusion protection is triggered

port-security intrusion-mode
{ blockmac | disableport |
disableport-temporarily }

Required

By default, intrusion
protection is disabled.

Return to system view

quit

—

Set the timer during which the
port remains disabled

port-security timer disableport
timer

Optional

20 seconds by default

The port-security timer disableport command is used in conjunction with the port-security

intrusion-mode disableport-temporarily command to set the length of time during which the port

remains disabled.