Configuring Intrusion Protection

The intrusion protection feature enables a device to apply one of the following security policies when it detects illegal frames:

- blockmac: Adds the source MAC addresses of illegal frames to the blocked MAC addresses list and discards frames with blocked source MAC addresses. A blocked MAC address is restored to normal after being blocked for three minutes, which is fixed and cannot be changed.
- disableport: Disables the port permanently.
- disableport-temporarily: Disables the port for a specified period of time. Use the port-security timer disableport command to set the period.

Follow these steps to configure the intrusion protection feature:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Enter interface view | interface interface-type interface-number | — |
| Configure the intrusion protection feature | port-security intrusion-mode { blockmac \| disableport \| disableport-temporarily } | Required. By default, intrusion protection is disabled. |
| Return to system view | quit | — |
| Set the silence timeout during which a port remains disabled | port-security timer disableport time-value | Optional. 20 seconds by default. |

On a port operating in either the macAddressElseUserLoginSecure mode or the macAddressElseUserLoginSecureExt mode, intrusion protection is triggered only after both MAC authentication and 802.1X authentication for the same frame fail.

Configuring Trapping

The trapping feature enables a device to send trap information in response to four types of events:

- addresslearned: A port learns a new address.
- dot1xlogfailure/dot1xlogon/dot1xlogoff: A port learns 802.1x authentication failure/successful 802.1x authentication/802.1x user logoff.
- ralmlogfailure/ralmlogoff: A port learns MAC authentication failure/MAC authentication user logoff.
- intrusion: A port learns illegal frames.

Follow these steps to configure port security trapping:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Enable port security traps | port-security trap { addresslearned \| dot1xlogfailure \| dot1xlogoff \| dot1xlogon \| intrusion \| ralmlogfailure \| ralmlogoff \| ralmlogon } | Required. By default, no port security trap is enabled. |
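
The following audit script is an added example, not part of the original manual: it checks a saved configuration for the two defaults described above (intrusion protection disabled per port, no traps enabled). The sample configuration is constructed, and its layout (sections separated by `#`, indented commands under `interface` lines) and the interface names are assumptions.

```python
import re

MODES = ("blockmac", "disableport", "disableport-temporarily")
DEFAULT_TIMER = 20  # seconds; the default stated in the table above

# Constructed sample configuration (assumed layout, hypothetical interface names).
SAMPLE_CONFIG = """\
#
 port-security timer disableport 30
 port-security trap addresslearned
#
interface GigabitEthernet1/0/1
 port-security intrusion-mode disableport-temporarily
#
interface GigabitEthernet1/0/2
 port-security intrusion-mode disableport
#
interface GigabitEthernet1/0/3
#
"""

def audit(config_text):
    """Return (intrusion mode per port, disableport timer, list of findings)."""
    ports, traps, timer, current = {}, set(), DEFAULT_TIMER, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "#":
            current = None                    # end of the current section
        elif line.startswith("interface "):
            current = line.split(None, 1)[1]
            ports[current] = None             # intrusion protection is off by default
        elif m := re.fullmatch(r"port-security intrusion-mode (\S+)", line):
            if current and m.group(1) in MODES:
                ports[current] = m.group(1)
        elif m := re.fullmatch(r"port-security timer disableport (\d+)", line):
            timer = int(m.group(1))
        elif line.startswith("port-security trap "):
            traps.update(line.split()[2:])    # one or more trap keywords
    findings = []
    for port, mode in ports.items():
        if mode is None:
            findings.append(f"{port}: intrusion protection disabled (default)")
        elif mode == "disableport":
            findings.append(f"{port}: disableport shuts the port permanently")
    if "intrusion" not in traps:
        findings.append("global: intrusion trap not enabled")
    return ports, timer, findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG)[2]:
        print(finding)
```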