HP 6125XLG R2306-HP 6125XLG Blade Switch Security Command Reference - Page 125

Default Intrusion protection is disabled. Views Ethernet interface view Predefined user roles network-admin Parameters blockmac: Adds the source MAC addresses of illegal frames to the blocked MAC address list and discards frames with blocked source MAC addresses. This action implements illegal traffic filtering on the port. A blocked MAC address is restored to normal after being blocked for three minutes, which is not user configurable. To view the blocked MAC address list, use the display port-security mac-address block command. disableport: Disables the port permanently upon detecting an illegal frame received on the port. disableport-temporarily: Disables the port for a specific period of time whenever it receives an illegal frame. Use port-security timer disableport to set the period. Usage guidelines To restore the connection of the port disabled by the intrusion protection feature, use the undo shutdown command. Examples # Configure port Ten-GigabitEthernet 1/1/6 to block the source MAC addresses of illegal frames after intrusion protection detects the illegal frames. system-view [Sysname] interface ten-gigabitethernet 1/1/6 [Sysname-Ten-GigabitEthernet1/1/6] port-security intrusion-mode blockmac Related commands • display port-security • display port-security mac-address block • port-security timer disableport port-security mac-address security Use port-security mac-address security to add a secure MAC address. Use undo port-security mac-address security to remove a secure MAC address. Syntax In Ethernet interface view: port-security mac-address security [ sticky ] mac-address vlan vlan-id undo port-security mac-address security [ sticky ] mac-address vlan vlan-id In system view: port-security mac-address security [ sticky ] mac-address interface interface-type interface-number vlan vlan-id 116