Configuring intrusion protection, Configuring trapping, Configuring secure mac addresses – H3C Technologies H3C WX6000 Series Access Controllers User Manual

19-8

To do…

Use the command…

Remarks

Configure the NTK feature

port-security ntk-mode

{ ntk-withbroadcasts |
ntk-withmulticasts

| ntkonly }

Required
Be default, NTK is disabled on a port and
all frames are allowed to be sent.

Configuring Intrusion Protection

Follow these steps to configure the intrusion protection feature:

To do…

Use the command…

Remarks

Enter system view

system-view

—

Enter Ethernet port view

interface

interface-type

interface-number

—

Configure the intrusion protection
feature

port-security intrusion-mode

{ blockmac | disableport |
disableport-temporarily

}

Required
By default, intrusion protection is
disabled.

Return to system view

quit

—

Set the silence timeout during
which a port remains disabled

port-security timer

disableport

time-value

Optional
20 seconds by default

If you configure the port-security intrusion-mode command with the disableport-temporarily
keyword, you can use the port-security timer disableport command to set the silence timeout during
which a port remains disabled.

Configuring Trapping

Follow these steps to configure port security trapping:

To do…

Use the command…

Remarks

Enter system view

system-view

—

Enable port security
traps

port-security trap

{ addresslearned | dot1xlogfailure |

dot1xlogoff

| dot1xlogon | intrusion | ralmlogfailure |

ralmlogoff

| ralmlogon }

Required
By default, no port security
trap is enabled.

Configuring Secure MAC Addresses

Secure MAC addresses are special MAC addresses. They never age out or get lost if saved before the
device restarts. One secure MAC address can be added to only one port in the same VLAN. Thus, you
can bind a MAC address to one port in the same VLAN.