R3303-HP HSR6800 Routers Security Command Reference
189
Usage guidelines
To restore the connection of the port, use the undo shutdown command.
Examples
# Configure port GigabitEthernet 3/0/1 to block the source MAC addresses of illegal frames after
intrusion protection is triggered.
<Sysname> system-view
[Sysname] interface gigabitethernet 3/0/1
[Sysname-GigabitEthernet3/0/1] port-security intrusion-mode blockmac
Related commands
• display port-security
• display port-security mac-address block
• port-security timer disableport
port-security mac-address aging-type inactivity
Use port-security mac-address aging type inactivity to enable inactivity aging for secure MAC
addresses (sticky or dynamic).
Use undo port-security mac-address aging type inactivity to restore the default.
Syntax
port-security mac-address aging-type inactivity
undo port-security mac-address aging-type inactivity
Default
The inactivity aging function is disabled.
Views
Layer 2 Ethernet interface view
Default command level
2: System level
Usage guidelines
If only an aging timer is configured, the aging timer counts up regardless of whether traffic data has been
sent from the sticky MAC address. When you use an aging timer together with the inactivity aging
function, the aging timer restarts once traffic data is detected from the sticky MAC address The inactivity
aging function prevents the unauthorized use of a secure MAC address when the authorized user is
offline, and removes outdated secure MAC addresses so new secure MAC addresses can be learned.
Examples
# Enable inactivity aging for secure MAC addresses on interface GigabitEthernet 3/0/1.
<Sysname> system-view
[Sysname] interface gigabitethernet 3/0/1
[Sysname-GigabitEthernet3/0/1] port-security mac-address aging-type inactivity
Related commands
• port-security timer autolearn aging
• port-security mac-address dynamic