R3303-HP HSR6800 Routers Security Command Reference
188
Usage guidelines
You must disable global 802.1X and MAC authentications before you enable port security on a port.
Enabling or disabling port security resets the following security settings to the default:
• 802.1X access control mode is MAC-based, and the port authorization state is auto.
• Port security mode is noRestrictions.
You cannot disable port security when online users are present.
Examples
# Enable port security.
<Sysname> system-view
[Sysname] port-security enable
Related commands
• display port-security
• dot1x
• dot1x port-method
• dot1x port-control
• mac-authentication
port-security intrusion-mode
Use port-security intrusion-mode to configure the intrusion protection feature so that the port takes the
pre-defined actions when intrusion protection is triggered on the port.
Use undo port-security intrusion-mode to restore the default.
Syntax
port-security intrusion-mode { blockmac | disableport | disableport-temporarily }
undo port-security intrusion-mode
Default
Intrusion protection is disabled.
Views
Layer 2 Ethernet interface view
Default command level
2: System level
Parameters
blockmac: Adds the source MAC addresses of illegal frames to the blocked MAC address list and
discards frames with blocked source MAC addresses. This implements illegal traffic filtering on the port.
A blocked MAC address is restored to normal after being blocked for 3 minutes, which is fixed and
cannot be changed. To view the blocked MAC address list, use the display port-security mac-address
block command.
disableport: Disables the port permanently upon detecting an illegal frame received on the port.
disableport-temporarily: Disables the port for a specific period of time whenever it receives an illegal
frame. Use port-security timer disableport to set the period.