1-7
The WX3000 series devices do not support the ntkonly NTK feature.
Follow these steps to configure the intrusion protection feature:
To do… Use the command… Remarks
Enter system view system-view —
Enter Ethernet port view interface interface-type
interface-number —
Set the corresponding action to
be taken by the device when
intrusion protection is triggered
port-security intrusion-mode
{ disableport |
disableport-temporarily |
blockmac }
Required
By default, no action is taken
when intrusion protection is
triggered.
Return to system view quit —
Set the timer during which the
port remains disabled
port-security timer
disableport timer Optional
20 seconds by default
The port-security timer disableport command is used in conjunction with the port-security
intrusion-mode disableport-temporarily command to set the length of time during which the port
remains disabled.
If you configure the NTK feature and execute the port-security intrusion-mode blockmac command
on the same port, the device will be unable to disable the packets whose destination MAC address is
illegal from being sent out that port; that is, the NTK feature configured will not take effect on the packets
whose destination MAC address is illegal.
Follow these steps to configure port security trapping: