Operation Manual – Port SecurityH3C S5500-EI Series Ethernet Switches Chapter 1 Port Security Configuration1-9To do… Use the command… RemarksEnter system view system-view —Enter Ethernet port view interface interface-typeinterface-number —Configure the intrusionprotection featureport-securityintrusion-mode{ blockmac | disableport |disableport-temporarily }RequiredBy default, intrusionprotection is disabled.Return to system view quit —Set the silence timeoutduring which a portremains disabledport-security timerdisableport time-valueOptional20 seconds by defaultNote:If you configure the port-security intrusion-mode command with thedisableport-temporarily keyword, you can use the port-security timer disableportcommand to set the silence timeout during which a port remains disabled.1.6.3 Configuring TrappingFollow these steps to configure port security trapping:To do… Use the command… RemarksEnter system view system-view —Enable port security trapsport-security trap{ addresslearned |dot1xlogfailure | dot1xlogoff |dot1xlogon | intrusion |ralmlogfailure | ralmlogoff |ralmlogon }RequiredBy default, no portsecurity trap isenabled.1.7 Configuring Secure MAC AddressesSecure MAC addresses are special MAC addresses. They never age out or get lost ifsaved before the device restarts. One secure MAC address can be added to only oneport in the same VLAN. Thus, you can bind a MAC address to one port in the sameVLAN.Secure MAC addresses can be learned by a port working in autoLearn mode. You canalso manually configure them through the command line interface (CLI) ormanagement information base (MIB).