Enabling port security traps, Configuring port security for wlan ports, Configuration guidelines – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

229

Step Command

Remarks

3.

Configure the intrusion

protection feature.

port-security intrusion-mode
{ blockmac | disableport |
disableport-temporarily }

By default, intrusion protection is
disabled.
The disableport keyword is not
supported on the WLAN-ESS port.

4.

Return to system view.

quit

N/A

5.

Set the silence timeout period
during which a port remains

disabled.

port-security timer disableport
time-value

Optional.
20 seconds by default

Enabling port security traps

You can configure the port security module to send traps for the following categories of events:

•

addresslearned—Learning of new MAC addresses.

•

dot1xlogfailure/dot1xlogon/dot1xlogoff—802.1X authentication failure, success, and 802.1X
user logoff.

•

ralmlogfailure/ralmlogon/ralmlogoff—MAC authentication failure, MAC authentication user
logon, and MAC authentication user logoff.

•

intrusion—Detection of illegal frames.

To enable port security traps:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enable port security traps.

port-security trap { addresslearned
| dot1xlogfailure | dot1xlogoff |
dot1xlogon | intrusion |

ralmlogfailure | ralmlogoff |

ralmlogon }

By default, port security traps are
disabled.

Configuring port security for WLAN ports

Configuration guidelines

Table 12

describes the key negotiation and PSK requirements for different port security modes on WLAN

ports.