Enabling Port Security Traps; Configuring Secure Mac Addresses - HP 3600 v2 Series Configuration Manual

disableport-temporarily—Disables the port for a specific period of time. The period can be
•
configured with the port-security timer disableport command.
On a port
macAddressElseUserLoginSecureExt mode, intrusion protection is triggered only after both MAC
authentication and 802.1X authentication for the same frame fail.
To configure the intrusion protection feature:
Step
1. Enter system view.
2. Enter Layer 2 Ethernet
interface view.
3. Configure the intrusion
protection feature.
4. Return to system view.
5. Set the silence timeout period
during which a port remains
disabled.

Enabling port security traps

You can configure the port security module to send traps for the following categories of events:
addresslearned—Learning of new MAC addresses.
•
• dot1xlogfailure/dot1xlogon/dot1xlogoff—802.1X authentication failure, success, and 802.1X
user logoff.
ralmlogfailure/ralmlogon/ralmlogoff—MAC authentication failure, MAC authentication user
•
logon, and MAC authentication user logoff.
intrusion—Detection of illegal frames.
•
To enable port security traps:
Step
1. Enter system view.
2. Enable port security traps.

Configuring secure MAC addresses

Secure MAC addresses are configured or learned in autoLearn mode and can survive link down/up
events. You can bind a secure MAC address to only one port in a VLAN.
operating in either
Command
system-view
interface interface-type
interface-number
port-security intrusion-mode
{ blockmac | disableport |
disableport-temporarily }
quit
port-security timer disableport
time-value
Command
system-view
port-security trap { addresslearned
| dot1xlogfailure | dot1xlogoff |
dot1xlogon | intrusion |
ralmlogfailure | ralmlogoff |
ralmlogon }
the macAddressElseUserLoginSecure
204
mode
Remarks
N/A
N/A
By default, intrusion protection is
disabled.
N/A
Optional.
20 seconds by default.
Remarks
N/A
By default, port security traps are
disabled.
or the