The WX3000 series devices do not support the ntkonly NTK feature.

Configuring intrusion protection

Follow these steps to configure the intrusion protection feature:

 

 

To do…

 

Use the command…

 

Remarks

 

 

 

Enter system view

 

system-view

 

 

 

 

 

 

 

 

 

 

 

 

Enter Ethernet port view

 

interface interface-type

 

 

 

 

 

interface-number

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Set the corresponding action to

 

port-security intrusion-mode

 

Required

 

 

 

 

 

By default, no action is taken

 

 

 

be taken by the device when

 

{ disableport

 

 

 

 

 

disableport-temporarily

 

when intrusion protection is

 

 

 

intrusion protection is triggered

 

 

 

 

 

 

blockmac }

 

triggered.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Return to system view

 

quit

 

 

 

 

 

 

 

 

 

 

 

 

Set the timer during which the

 

port-security timer

 

Optional

 

 

 

port remains disabled

 

disableport timer

 

20 seconds by default

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

The port-security timer disableport command is used in conjunction with the port-security intrusion-mode disableport-temporarily command to set the length of time during which the port remains disabled.

If you configure the NTK feature and execute the port-securityintrusion-mode blockmac command on the same port, the device will be unable to disable the packets whose destination MAC address is illegal from being sent out that port; that is, the NTK feature configured will not take effect on the packets whose destination MAC address is illegal.

Configuring the Trap feature

Follow these steps to configure port security trapping:

1-7

Page 144
Image 144
3Com WX3000 operation manual Configuring intrusion protection, Configuring the Trap feature