HP 6125G HP 6125G & 6125G/XG Blade Switches Security Command Reference - Page 140

View Layer 2 Ethernet interface view Default level 2: System level Parameters blockmac: Adds the source MAC addresses of illegal frames to the blocked MAC address list and discards frames with blocked source MAC addresses. This implements illegal traffic filtering on the port. A blocked MAC address is restored to normal after being blocked for three minutes, which is fixed and cannot be changed. To view the blocked MAC address list, use the display port-security mac-address block command. disableport: Disables the port permanently upon detecting an illegal frame received on the port. disableport-temporarily: Disables the port for a specific period of time whenever it receives an illegal frame. Use port-security timer disableport to set the period. Description Use port-security intrusion-mode to configure the intrusion protection feature so that the port takes the pre-defined actions when intrusion protection is triggered on the port. Use undo port-security intrusion-mode to restore the default. By default, intrusion protection is disabled. To restore the connection of the port, use the undo shutdown command. Related commands: display port-security, display port-security mac-address block, and port-security timer disableport. Examples # Configure port GigabitEthernet 1/0/1 to block the source MAC addresses of illegal frames after intrusion protection is triggered. system-view [Sysname] interface gigabitethernet 1/0/1 [Sysname-GigabitEthernet1/0/1] port-security intrusion-mode blockmac port-security mac-address aging-type inactivity Syntax port-security mac-address aging-type inactivity undo port-security mac-address aging-type inactivity View Layer 2 Ethernet interface view Default level 2: System level Parameters None 131