1-8Examples# Enable port security. system-viewSystem View: return to User View with Ctrl+Z.[Sysname] port-security enableNotice: The port-control of 802.1x will be restricted to auto when port-security is enabled.Please wait... Done.port-security intrusion-modeSyntaxport-security intrusion-mode { blockmac | disableport | disableport-temporarily }undo port-security intrusion-modeViewEthernet port viewParametersblockmac: Adds the source MAC addresses of illegal packets to the blocked MAC address list. As aresult, the packets sourced from the blocked MAC addresses will be filtered out. A blocked MACaddress will be unblocked three minutes (not user configurable) after the block action.disableport: Disables a port permanently once an illegal frame or event is detected on it.disableport-temporarily: Disables a port for a specified period of time after an illegal frame or event isdetected on it. You can set the period with the port-security timer disableport command.DescriptionUse the port-security intrusion-mode command to set intrusion protection.Use the undo port-security intrusion-mode command to disable intrusion protection.By default, intrusion protection is not configured.By checking the source MAC addresses in inbound data frames or the username and password in802.1x authentication requests on a port, intrusion protection detects illegal packets (packets withillegal MAC address) or events and takes a pre-set action accordingly. The actions you can set include:disconnecting the port temporarily/permanently and blocking packets with invalid MAC addresses.The following cases can trigger intrusion protection on a port:z A packet with unknown source MAC address is received on the port while MAC address learning isdisabled on the port.z A packet with unknown source MAC address is received on the port while the amount of securityMAC addresses on the port has reached the preset maximum number.z The user fails the 802.1x or MAC address authentication.