1-9On a port operating in either the macAddressElseUserLoginSecure mode or themacAddressElseUserLoginSecureExt mode, intrusion protection is triggered only after both MACauthentication and 802.1X authentication for the same frame fail.Configuring TrappingThe trapping feature enables a device to send trap information in response to four types of events:z addresslearned: A port learns a new address.z dot1xlogfailure/dot1xlogon/dot1xlogoff: A port learns 802.1x authentication failure/successful802.1x authentication/802.1x user logoff.z ralmlogfailure/ralmlogoff: A port learns MAC authentication failure/MAC authentication userlogoff.z intrusion: A port learns illegal frames.Follow these steps to configure port security trapping:To do… Use the command… RemarksEnter system view system-view —Enable port securitytrapsport-security trap { addresslearned |dot1xlogfailure | dot1xlogoff |dot1xlogon | intrusion | ralmlogfailure| ralmlogoff | ralmlogon }RequiredBy default, no port security trapis enabled.Configuring Secure MAC AddressesSecure MAC addresses are special MAC addresses. They never age out or get lost if saved before thedevice restarts. One secure MAC address can be added to only one port in the same VLAN. Thus, youcan bind a MAC address to one port in the same VLAN.Secure MAC addresses can be:z Learned by a port working in autoLearn mode.z Manually configured through the command line interface (CLI) or management information base(MIB).When the maximum number of secure MAC addresses is reached, no more can be added. The portallows only the packets with the source MAC address being the secure MAC address.Configuration Prerequisitesz Enable port securityz Set the maximum number of secure MAC addresses allowed on the portz Set the port security mode to autoLearnConfiguration ProcedureFollow these steps to configure a secure MAC address: