3Com Switch 7750 Configuration Guide Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 8116fl Redundant Switch Fabric Module

191

192

193

194

195

196

197

198

199

200

Port Security Configuration 193

When a port works in the userlogin-secure-else-mac-ext mode or the

userlogin-secure-else-mac mode, for the same packet, intrusion protection can

be triggered only after both MAC authentication and 802.1x authentication fail.

Port Security

Configuration

Configuring Port

Security

After the port-security intrusion-mode disableport-temporarily command is

executed on a port, the time set by the port-security timer disableport timer

command determines how long the port can be temporarily disabled.

Table 123 Configure port security

Operation Command Description

Enter system view system-view -

Enable port security port-security enable Required

Set OUI value for user

authentication

port-security oui OUI-value

index index-value

Optional

Enable the sending of specific

types of trap messages

port-security trap {

addresslearned | intrusion |

dot1xlogon | dot1xlogoff |

dot1xlogfailure | ralmlogon

| ralmlogoff | ralmlogfailure

Optional

By default, the sending of trap

messages is disabled.

Enter Ethernet port view

interface interface-type

interface-number

Set the security mode of the

port

port-security port-mode

mode

Required

You can choose a mode as

required.

Set the maximum number of

MAC addresses allowed on

the port

port-security

max-mac-count count-value

Optional

By default, there is no limit on

the number of MAC

addresses.

Set the NTK transmission

mode

port-security ntk-mode {

ntkonly |

ntk-withbroadcasts |

ntk-withmulticasts }

Required

By default, no packet

transmission mode of the NTK

feature is set on the port.

Set the action to be taken

after intrusion protection is

triggered.

port-security

intrusion-mode {

disableport |

disableport-temporarily |

blockmac }

Required

By default, no specific

intrusion detection mode is

configured.

Configure the port to ignore

the authorization information

delivered from the RADIUS

server

port-security authorization

ignore

Optional

By default, the authorization

information delivered by the

server is applied to the port.

Return to system view quit -

Set the time during which a

port is temporarily disabled

port-security timer

disableport timer

Optional

By default, it is 20 seconds.