Intrusion protection, Trap, Port security modes – H3C Technologies H3C WX6000 Series Access Controllers User Manual

Intrusion protection

The intrusion protection feature checks the source MAC addresses in inbound frames and takes a
pre-defined action accordingly upon detecting illegal frames. The action may be disabling the port
temporarily, disabling the port permanently, or blocking frames with the MAC address for three minutes
(unmodifiable).

Trap

The trap feature enables the device to send trap messages upon detecting specified frames that result
from, for example, intrusion or user login/logout operations, helping you monitor special activities.

Port Security Modes

Table 19-1 details the port security modes.

Table 19-1 Port security modes

| Security mode | Description | Features |
|---|---|---|
| noRestrictions | Port security is disabled on the port and access to the port is not restricted. | In this mode, neither the NTK nor the intrusion protection feature is triggered. |
| autoLearn | In this mode, a port can learn a specified number of MAC addresses and save those addresses as secure MAC addresses. It permits only frames whose source MAC addresses are secure MAC addresses or static MAC addresses configured by using the mac-address static command. When the number of secure MAC addresses reaches the upper limit, the port changes to work in secure mode. | In either mode, the device will trigger NTK and intrusion protection upon detecting an illegal frame. |
| secure | In this mode, a port is disabled from learning MAC addresses and permits only frames whose source MAC addresses are secure MAC addresses or static MAC addresses configured by using the mac-address static command. | In either mode, the device will trigger NTK and intrusion protection upon detecting an illegal frame. |
| userLogin | In this mode, a port performs 802.1x authentication of users in port-based mode. | In this mode, neither NTK nor intrusion protection will be triggered. |
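
The autoLearn-to-secure transition and the intrusion protection actions described above, modelled as an added Python example (not H3C code or configuration). The class, the field names, the action labels "block-mac" and "disable-port", and the sample MAC addresses are constructed for illustration; the temporary port-disable action and the NTK feature are not modelled.

```python
from dataclasses import dataclass, field

BLOCK_SECONDS = 180  # the page: frames from the offending MAC are blocked for three minutes


@dataclass
class Port:
    """Toy model of one port in autoLearn/secure mode (names are illustrative)."""
    max_secure: int                       # assumed limit on learned secure MACs
    action: str = "block-mac"             # or "disable-port" (labels invented here)
    mode: str = "autoLearn"
    up: bool = True
    secure_macs: set = field(default_factory=set)
    static_macs: set = field(default_factory=set)    # stands in for mac-address static entries
    blocked_until: dict = field(default_factory=dict)
    traps: list = field(default_factory=list)

    def receive(self, src_mac: str, now: float) -> str:
        """Classify one inbound frame seen at time `now` (seconds): permit or drop."""
        mac = src_mac.lower()
        if not self.up or self.blocked_until.get(mac, 0) > now:
            return "drop"                 # assumption: no repeat trap while already blocked
        if mac in self.secure_macs or mac in self.static_macs:
            return "permit"
        if self.mode == "autoLearn" and len(self.secure_macs) < self.max_secure:
            self.secure_macs.add(mac)
            if len(self.secure_macs) == self.max_secure:
                self.mode = "secure"      # limit reached: stop learning
            return "permit"
        # Illegal frame: unknown source MAC and nothing left to learn.
        self.traps.append((now, "intrusion", mac))
        if self.action == "disable-port":
            self.up = False               # permanent disable until an operator acts
        else:
            self.blocked_until[mac] = now + BLOCK_SECONDS
        return "drop"


def demo():
    """Replay constructed frames (time, source MAC) through a two-address port."""
    port = Port(max_secure=2)
    frames = [(0, "00:11:22:33:44:01"), (1, "00:11:22:33:44:02"),
              (2, "00:11:22:33:44:99"), (3, "00:11:22:33:44:01"),
              (100, "00:11:22:33:44:99"), (182, "00:11:22:33:44:99")]
    return [port.receive(mac, t) for t, mac in frames], port
```

In the replay, the third address arrives after the port has switched to secure mode, so it is dropped, a trap is recorded, and the address stays blocked until the three-minute window ends.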
