1-9
authentication of a user fails, the blocking MAC address feature will be triggered and packets of the
user will be dropped, making the user unable to access the guest VLAN.
Examples
# Set the security mode of port Ethernet 1/0/1 to
macAddressOrUserLoginSecure
, and specify VLAN
100 as the guest VLAN of the port.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] interface Ethernet 1/0/1
[Sysname-Ethernet1/0/1] port-security port-mode userlogin-secure-or-mac
[Sysname-Ethernet1/0/1] port-security guest-vlan 100
port-security intrusion-mode
Syntax
port-security intrusion-mode
{
blockmac
|
disableport
|
disableport-temporarily
}
undo port-security intrusion-mode
View
Ethernet port view
Parameters
blockmac
: Adds the source MAC addresses of illegal packets to the blocked MAC address list. As a
result, the packets sourced from the blocked MAC addresses will be filtered out. A blocked MAC
address will be unblocked three minutes (not user configurable) after the block action.
disableport
: Disables a port permanently once an illegal frame or event is detected on it.
disableport-temporarily
: Disables a port for a specified period of time after an illegal frame or event is
detected on it. You can set the period with the
port-security timer disableport
command.
Description
Use the
port-security intrusion-mode
command to set intrusion protection.
Use the
undo port-security intrusion-mode
command to disable intrusion protection.
By default, intrusion protection is not configured.
Summary of Contents for 5500-EI PWR
Page 43: ...2 6...
Page 76: ...1 17...
Page 228: ...ii stp transmit limit 1 44 vlan mapping modulo 1 45 vlan vpn tunnel 1 46...
Page 477: ...5 24 Sysname vlan 2 Sysname vlan2 service type multicast...
Page 503: ...2 3 System View return to User View with Ctrl Z Sysname dot1x url http 192 168 19 23...
Page 519: ...iii...
Page 597: ...2 2 security policy server 192 168 0 1 user name format without domain...
Page 648: ...1 9 Examples Clear static ARP entries Sysname reset arp static...
Page 663: ...4 3 Sysname resilient arp interface vlan interface 2...
Page 767: ...1 28 From 12 00 Jan 1 2008 to 12 00 Jun 1 2008...
Page 1111: ...ii xmodem get 3 18...
Page 1314: ...A 44 Z...