09-Port Security Commands
Table of Contents
1 Port Security Configuration Commands
Port Security Configuration Commands
display port-security mac-address block
display port-security mac-address security
port-security authorization ignore
port-security mac-address security
port-security timer disableport
display port-security
Syntax
display port-security [ interface interface-list ]
View
Any view
Default Level
2: System level
Parameters
interface interface-list: Specifies Ethernet ports by an Ethernet port list in the format of { interface-type interface-number [ to interface-type interface-number ] }&<1-10>, where &<1-10> means that you can specify up to 10 ports or port ranges. The starting port and ending port of a port range must be of the same type and the ending port number must be greater than the starting port number.
Description
Use the display port-security command to display port security configuration information, operation information, and statistics about one or more ports.
If the interface interface-list parameter is not provided, the command displays port security information, operation information, and status about all ports.
Related commands: port-security enable, port-security port-mode, port-security ntk-mode, port-security intrusion-mode, port-security max-mac-count, port-security mac-address security, port-security authorization ignore, port-security oui, port-security trap.
Examples
# Display port security configuration information, operation information, and statistics about all ports.
<Sysname> display port-security
Equipment port-security is enabled
AddressLearn trap is enabled
Intrusion trap is enabled
Dot1x logon trap is enabled
Dot1x logoff trap is enabled
Dot1x logfailure trap is enabled
RALM logon trap is enabled
RALM logoff trap is enabled
RALM logfailure trap is enabled
Disableport Timeout: 20s
OUI value:
Index is 1, OUI value is 000d1a
Index is 2, OUI value is 003c12
GigabitEthernet1/0/1 is link-down
Port mode is UserloginWithOUI
NeedtoKnow mode is NeedToKnowOnly
Intrusion Portection mode is DisablePort
Max MAC address number is 50
Stored MAC address number is 0
Authorization is ignored
GigabitEthernet1/0/2 is link-down
Port mode is noRestriction
NeedtoKnow mode is disabled
Intrusion mode is NoAction
Max MAC address number is not configured
Stored MAC address number is 0
Authorization is permitted
Table 1-1 display port-security command output description
Field | Description
Equipment port-security | Whether the port security is enabled or not.
AddressLearn trap | Whether trapping for MAC address learning is enabled or not. If it is enabled, the port sends trap information after it learns a new MAC address.
Intrusion trap | Whether trapping for intrusion protection is enabled or not. If it is enabled, the port sends trap information after it detects illegal packets.
Dot1x logon trap | Whether trapping for 802.1X logon is enabled or not. If it is enabled, the port sends trap information after a user passes 802.1X authentication.
Dot1x logoff trap | Whether trapping for 802.1X logoff is enabled or not. If it is enabled, the port sends trap information after an 802.1X user logs off.
Dot1x logfailure trap | Whether trapping for 802.1X authentication failure is enabled or not. If it is enabled, the port sends trap information after a user fails 802.1X authentication.
RALM logon trap | Whether trapping for MAC authentication success is enabled or not. If it is enabled, the port sends trap information when a user passes MAC address authentication.
RALM logoff trap | Whether trapping for MAC authenticated user logoff is enabled or not. If it is enabled, traps are sent when a MAC address authenticated user logs off.
RALM logfailure trap | Whether trapping for MAC authentication failure is enabled or not. If it is enabled, the port sends trap information when a user fails MAC address authentication.
Disableport Timeout | Silence timeout period of the port that receives illegal packets, in seconds.
OUI value | List of OUI values allowed
Port mode | Port security mode, which can be: autoLearn, macAddressWithRadius, macAddressElseUserLoginSecure, macAddressElseUserLoginSecureExt, secure, userLogin, userLoginSecure, userLoginSecureExt, macAddressOrUserLoginSecure, macAddressOrUserLoginSecureExt, userLoginWithOUI
NeedtoKnow mode | NTK mode, which can be: NeedToKnowOnly (allows only unicasts with authenticated destination MAC addresses); NeedToKnowWithBroadcast (allows only unicasts and broadcasts with authenticated destination MAC addresses); NeedToKnowWithMulticast (allows unicasts, multicasts and broadcasts with authenticated destination MAC addresses).
Intrusion mode | Intrusion protection action mode, which can be: BlockMacAddress (adds the source MAC address of the illegal packet to the blocked MAC address list); DisablePort (shuts down the port that receives illegal packets permanently); DisablePortTemporarily (shuts down the port that receives illegal packets for some time); NoAction (performs no intrusion protection).
Max MAC address number | Maximum number of secure MAC addresses allowed on the port
Stored MAC address number | Number of secure MAC addresses stored
Authorization | Whether the authorization information from the server is ignored or not: permitted (authorization information from the RADIUS server takes effect); ignored (authorization information from the RADIUS server does not take effect).
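The fields in Table 1-1 lend themselves to an automated review of captured output. The following Python sketch is an added example, not part of the vendor documentation: it parses display port-security output and lists settings worth reviewing, using only the field meanings documented on this page. The sample text is constructed, and the rule set and function names are assumptions.

```python
import re

# Constructed sample, modelled on the display port-security output above.
SAMPLE = """\
 Equipment port-security is enabled
 Intrusion trap is disabled
 OUI value:
   Index is 1, OUI value is 000d1a
 GigabitEthernet1/0/1 is link-down
   Port mode is UserloginWithOUI
   NeedtoKnow mode is NeedToKnowOnly
   Intrusion Portection mode is DisablePort
   Max MAC address number is 50
   Stored MAC address number is 0
   Authorization is ignored
 GigabitEthernet1/0/2 is link-down
   Port mode is noRestriction
   NeedtoKnow mode is disabled
   Intrusion mode is NoAction
   Max MAC address number is not configured
   Stored MAC address number is 0
   Authorization is permitted
 GigabitEthernet1/0/3 is link-up
   Port mode is autoLearn
   NeedtoKnow mode is disabled
   Intrusion mode is NoAction
   Max MAC address number is 2
   Stored MAC address number is 2
   Authorization is permitted
"""

PORT = re.compile(r"^([A-Za-z-]+\d+(?:/\d+)+) is (\S+)$")
TRAP = re.compile(r"^(.+?) trap is (enabled|disabled)$")
OUI = re.compile(r"^Index is (\d+), OUI value is ([0-9A-Fa-f]{6})$")
# The documented output labels this field both "Intrusion mode" and
# "Intrusion Portection mode", so the middle word is optional.
FIELDS = {
    "mode": re.compile(r"^Port mode is (\S+)$"),
    "ntk": re.compile(r"^NeedtoKnow mode is (\S+)$"),
    "intrusion": re.compile(r"^Intrusion (?:\w+ )?mode is (\S+)$"),
    "max_mac": re.compile(r"^Max MAC address number is (.+)$"),
    "stored_mac": re.compile(r"^Stored MAC address number is (\d+)$"),
    "authorization": re.compile(r"^Authorization is (\S+)$"),
}

def parse(text):
    """Split the output into global settings and one dict per port."""
    state = {"enabled": None, "traps": {}, "oui": {}, "ports": {}}
    port = None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := PORT.match(line):
            port = state["ports"].setdefault(m[1], {"link": m[2]})
        elif m := re.match(r"^Equipment port-security is (\w+)$", line):
            state["enabled"] = m[1] == "enabled"
        elif m := TRAP.match(line):
            state["traps"][m[1]] = m[2] == "enabled"
        elif m := OUI.match(line):
            state["oui"][int(m[1])] = m[2].lower()
        elif port is not None:
            for key, rx in FIELDS.items():
                if m := rx.match(line):
                    port[key] = m[1]
    return state

def audit(state):
    """Return (scope, message) pairs for settings that deserve a review."""
    findings = []
    if not state["enabled"]:
        findings.append(("global", "port security is not enabled"))
    if not state["traps"].get("Intrusion", False):
        findings.append(("global", "intrusion trap is disabled"))
    for name, p in state["ports"].items():
        if p.get("mode", "").lower().startswith("norestriction"):
            findings.append((name, "noRestriction mode: port security has no effect"))
            continue  # the remaining per-port settings are moot in this mode
        if p.get("intrusion") == "NoAction":
            findings.append((name, "no intrusion protection action"))
        if p.get("ntk") == "disabled":
            findings.append((name, "NTK disabled: outbound frames are not filtered"))
        if p.get("authorization") == "ignored":
            findings.append((name, "RADIUS authorization is ignored"))
    return findings
```

Calling audit(parse(SAMPLE)) reports the disabled intrusion trap, the ignored RADIUS authorization on GigabitEthernet1/0/1, the noRestriction port, and the two gaps on GigabitEthernet1/0/3.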
display port-security mac-address block
Syntax
display port-security mac-address block [ interface interface-type interface-number ] [ vlan vlan-id ] [ count ]
View
Any view
Default Level
2: System level
Parameters
interface interface-type interface-number: Specifies a port by its type and number.
vlan vlan-id: Specifies a VLAN by its ID, which is in the range 1 to 4094.
count: Displays only the count of the blocked MAC addresses.
Description
Use the display port-security mac-address block command to display information about blocked MAC addresses.
With no keyword or argument specified, the command displays information about all blocked MAC addresses.
Related commands: port-security intrusion-mode.
Examples
# Display information about all blocked MAC addresses.
<Sysname> display port-security mac-address block
MAC ADDR From Port VLAN ID
000f-1f86-3232 GigabitEthernet1/0/2 1
--- On slot 1, 1 mac address(es) found ---
--- 1 mac address(es) found ---
# Display the count of all blocked MAC addresses.
<Sysname> display port-security mac-address block count
--- On slot 1, 2 mac address(es) found ---
---2 mac address(es) found ---
# Display information about all blocked MAC addresses in VLAN 1.
<Sysname> display port-security mac-address block vlan 1
MAC ADDR From Port VLAN ID
0002-0002-0002 GigabitEthernet1/0/1 1
000d-88f8-0577 GigabitEthernet1/0/1 1
--- On slot 1, 2 mac address(es) found ---
--- 2 mac address(es) found ---
# Display information about all blocked MAC addresses of port GigabitEthernet 1/0/1.
<Sysname> display port-security mac-address block interface gigabitethernet 1/0/1
MAC ADDR From Port VLAN ID
000d-88f8-0577 GigabitEthernet1/0/1 1
--- On slot 1, 1 mac address(es) found ---
--- 1 mac address(es) found ---
# Display information about all blocked MAC addresses of port GigabitEthernet1/0/1 in VLAN 1.
<Sysname> display port-security mac-address block interface gigabitethernet 1/0/1 vlan 1
MAC ADDR From Port VLAN ID
000d-88f8-0577 GigabitEthernet1/0/1 1
--- On slot 1, 1 mac address(es) found ---
--- 1 mac address(es) found ---
Table 1-2 display port-security mac-address block command output description
Field | Description
MAC ADDR | Blocked MAC address
From Port | Port having received frames with the blocked MAC address being the source address
VLAN ID | ID of the VLAN to which the port belongs
x mac address(es) found | Number of blocked MAC addresses
display port-security mac-address security
Syntax
display port-security mac-address security [ interface interface-type interface-number ] [ vlan vlan-id ] [ count ]
View
Any view
Default Level
2: System level
Parameters
interface interface-type interface-number: Specifies a port by its type and number.
vlan vlan-id: Specifies a VLAN by its ID, which is in the range 1 to 4094.
count: Displays only the count of the secure MAC addresses.
Description
Use the display port-security mac-address security command to display information about secure MAC addresses.
With no keyword or argument specified, the command displays information about all secure MAC addresses.
Related commands: port-security mac-address security.
Examples
# Display information about all secure MAC addresses.
<Sysname> display port-security mac-address security
MAC ADDR VLAN ID STATE PORT INDEX AGING TIME(s)
0002-0002-0002 1 Security GigabitEthernet1/0/1 NOAGED
000d-88f8-0577 1 Security GigabitEthernet1/0/1 NOAGED
--- 2 mac address(es) found ---
# Display only the count of the secure MAC addresses.
<Sysname> display port-security mac-address security count
This operation may take a few minutes, please wait......
--- 2 mac address(es) found ---
# Display information about secure MAC addresses in VLAN 1.
<Sysname> display port-security mac-address security vlan 1
MAC ADDR VLAN ID STATE PORT INDEX AGING TIME(s)
0002-0002-0002 1 Security GigabitEthernet1/0/1 NOAGED
000d-88f8-0577 1 Security GigabitEthernet1/0/1 NOAGED
--- 2 mac address(es) found ---
# Display information about secure MAC addresses on port GigabitEthernet 1/0/1.
<Sysname> display port-security mac-address security interface gigabitethernet1/0/1
MAC ADDR VLAN ID STATE PORT INDEX AGING TIME(s)
000d-88f8-0577 1 Security GigabitEthernet1/0/1 NOAGED
--- 1 mac address(es) found ---
# Display information about secure MAC addresses on port GigabitEthernet 1/0/1 in VLAN 1.
<Sysname> display port-security mac-address security interface gigabitethernet 1/0/1 vlan 1
MAC ADDR VLAN ID STATE PORT INDEX AGING TIME(s)
000d-88f8-0577 1 Security GigabitEthernet1/0/1 NOAGED
--- 1 mac address(es) found ---
Table 1-3 display port-security mac-address security command output description
Field | Description
MAC ADDR | Secure MAC address
VLAN ID | ID of the VLAN to which the port belongs
STATE | Type of the MAC address added. "Security" means it is a secure MAC address.
PORT INDEX | Port to which the secure MAC address belongs
AGING TIME(s) | Period of time before the secure MAC address ages out. "NOAGED" means do not age out the secure MAC address.
x mac address(es) found | Number of secure MAC addresses stored
port-security authorization ignore
Syntax
port-security authorization ignore
undo port-security authorization ignore
View
Ethernet interface view
Default Level
2: System level
Parameters
None
Description
Use the port-security authorization ignore command to configure a port to ignore the authorization information from the RADIUS server.
Use the undo port-security authorization ignore command to restore the default.
By default, a port uses the authorization information from the RADIUS server.
After a user passes RADIUS authentication, the RADIUS server performs authorization based on the authorization attributes configured for the user’s account. For example, it may assign a VLAN.
Related commands: display port-security.
Examples
# Configure port GigabitEthernet 1/0/1 to ignore the authorization information from the RADIUS server.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] port-security authorization ignore
port-security enable
Syntax
port-security enable
undo port-security enable
View
System view
Default Level
2: System level
Parameters
None
Description
Use the port-security enable command to enable port security.
Use the undo port-security enable command to disable port security.
By default, port security is disabled.
Note that:
1) Port security cannot be enabled when 802.1X or MAC authentication is enabled globally.
2) Enabling port security resets the following configurations on a port to the defaults shown in brackets, making them depend completely on the port security mode:
- 802.1X (disabled), port access control method (macbased), and port access control mode (auto)
- MAC authentication (disabled)
3) Disabling port security resets the following configurations on a port to the defaults shown in brackets:
- Port security mode (noRestrictions)
- 802.1X (disabled), port access control method (macbased), and port access control mode (auto)
- MAC authentication (disabled)
4) Port security cannot be disabled if there is any user present on a port.
Related commands: display port-security, dot1x, dot1x port-method, and dot1x port-control in 802.1X Commands of the Command Reference - Part 8 - Security; mac-authentication in MAC Authentication Commands of the Command Reference - Part 8 - Security.
Examples
# Enable port security.
<Sysname> system-view
[Sysname] port-security enable
port-security intrusion-mode
Syntax
port-security intrusion-mode { blockmac | disableport | disableport-temporarily }
undo port-security intrusion-mode
View
Layer 2 Ethernet interface view
Default Level
2: System level
Parameters
blockmac: Adds the source MAC addresses of illegal frames to the blocked MAC address list and discards frames with blocked source MAC addresses. This implements illegal traffic filtering on the port. A blocked MAC address is restored to normal after being blocked for three minutes, which is fixed and cannot be changed. To view the blocked MAC address list, use the display port-security mac-address block command.
disableport: Disables the port permanently upon detecting an illegal frame received on the port.
disableport-temporarily: Disables the port for a specified period of time whenever it receives an illegal frame. Use the port-security timer disableport command to set the period.
Description
Use the port-security intrusion-mode command to configure the intrusion protection feature, so that the interface performs configured security policies in response to received illegal packets.
Use the undo port-security intrusion-mode command to restore the default.
By default, intrusion protection is disabled.
To restore the connection of the port, use the undo shutdown command.
Related commands: display port-security, display port-security mac-address block, port-security timer disableport.
Examples
# Configure port GigabitEthernet 1/0/1 to block the source MAC addresses of illegal frames after intrusion protection is triggered.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] port-security intrusion-mode blockmac
port-security mac-address security
Syntax
In Layer 2 Ethernet interface view:
port-security mac-address security mac-address vlan vlan-id
In system view:
port-security mac-address security mac-address interface interface-type interface-number vlan vlan-id
undo port-security mac-address security [ [ mac-address [ interface interface-type interface-number ] ] vlan vlan-id ]
View
Layer 2 Ethernet Interface view, system view
Default Level
2: System level
Parameters
mac-address: Secure MAC address, in the H-H-H format.
interface interface-type interface-number: Specifies a Layer 2 Ethernet port by its type and number.
vlan vlan-id: Specifies the VLAN to which the secure MAC address belongs. vlan-id represents the ID of the VLAN, in the range 1 to 4094.
Description
Use the port-security mac-address security command to add a secure MAC address.
Use the undo port-security mac-address security command to remove specified secure MAC addresses.
By default, no secure MAC address is configured.
Note that:
- The port must belong to the specified VLAN.
- You can configure a secure MAC address only if port security is enabled (with the port-security enable command) and the specified port operates in autoLearn mode (with the port-security port-mode autolearn command).
- The undo port-security mac-address security command can be used in system view only.
Related commands: display port-security.
Examples
# Enable port security, set the port security mode of port GigabitEthernet 1/0/1 to autoLearn, and add a secure MAC address of 0001-0001-0002 (belonging to VLAN 10) for port GigabitEthernet 1/0/1 in system view.
<Sysname> system-view
[Sysname] port-security enable
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] port-security max-mac-count 100
[Sysname-GigabitEthernet1/0/1] port-security port-mode autolearn
[Sysname-GigabitEthernet1/0/1] quit
[Sysname] port-security mac-address security 0001-0001-0002 interface gigabitethernet 1/0/1 vlan 10
# Enable port security, set the port security mode of port GigabitEthernet 1/0/1 to autoLearn, and add a secure MAC address of 0001-0002-0003 (belonging to VLAN 4) for port GigabitEthernet 1/0/1 in interface view.
<Sysname> system-view
[Sysname] port-security enable
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] port-security max-mac-count 100
[Sysname-GigabitEthernet1/0/1] port-security port-mode autolearn
[Sysname-GigabitEthernet1/0/1] port-security mac-address security 0001-0002-0003 vlan 4
port-security max-mac-count
Syntax
port-security max-mac-count count-value
undo port-security max-mac-count
View
Ethernet interface view
Default Level
2: System level
Parameters
count-value: Maximum number of secure MAC addresses allowed on the port, ranging 1 to 1024.
Description
Use the port-security max-mac-count command to set the maximum number of secure MAC addresses allowed to be added for the port in autoLearn mode.
Use the undo port-security max-mac-count command to restore the default setting.
By default, the maximum number of secure MAC addresses is not limited.
Note that:
- You cannot change the maximum number of secure MAC addresses for a port that is working in the autoLearn mode.
- The maximum number of secure MAC addresses allowed on a port does not include that of the static MAC addresses manually configured.
- The maximum number of secure MAC addresses allowed on a port must not be less than the number of MAC addresses stored on the port.
Related commands: display port-security.
Examples
# Set the maximum number of secure MAC addresses allowed on port GigabitEthernet 1/0/1 to 100.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] port-security max-mac-count 100
port-security ntk-mode
Syntax
port-security ntk-mode { ntk-withbroadcasts | ntk-withmulticasts | ntkonly }
undo port-security ntk-mode
View
Ethernet interface view
Default Level
2: System level
Parameters
ntk-withbroadcasts: Forwards only broadcast frames and unicast frames with authenticated destination MAC addresses.
ntk-withmulticasts: Forwards only broadcast frames, multicast frames, and unicast frames with authenticated destination MAC addresses.
ntkonly: Forwards only unicast frames with authenticated destination MAC addresses.
Description
Use the port-security ntk-mode command to configure the NTK feature.
Use the undo port-security ntk-mode command to restore the default.
By default, NTK is disabled on a port and all frames are allowed to be sent.
The need to know (NTK) feature checks the destination MAC addresses in outbound frames to allow frames to be sent to only devices passing authentication, thus preventing illegal devices from intercepting network traffic.
Related commands: display port-security.
Examples
# Set the NTK mode of port GigabitEthernet 1/0/1 to ntkonly, allowing the port to forward received packets to only devices passing authentication.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] port-security ntk-mode ntkonly
port-security oui
Syntax
port-security oui oui-value index index-value
undo port-security oui index index-value
View
System view
Default Level
2: System level
Parameters
oui-value: Organizationally unique identifier (OUI) string, a 48-bit MAC address in the H-H-H format. The system automatically uses only the 24 high-order bits as the OUI value.
index-value: OUI index, in the range 1 to 16.
Description
Use the port-security oui command to configure an OUI value for user authentication. This value is used when the port security mode is userLoginWithOUI.
Use the undo port-security oui command to delete an OUI value with the specified OUI index.
By default, no OUI value is configured.
An OUI (organizationally unique identifier), the first 24 binary bits of a MAC address, is assigned by IEEE to uniquely identify a device vendor. Use this command when you need to configure a device to allow packets from certain wired devices to pass authentication or to allow packets from certain wireless devices to initiate authentication. For example, when a company allows only IP phones of vendor A in the intranet, use this command to set the OUI of vendor A.
Note that an OUI value configured by using the port-security oui command takes effect only when the security mode is userLoginWithOUI.
Related commands: display port-security.
Examples
# Configure an OUI value of 000d2a, setting the index to 4.
<Sysname> system-view
[Sysname] port-security oui 000d-2a10-0033 index 4
port-security port-mode
Syntax
port-security port-mode { autolearn | mac-authentication | mac-else-userlogin-secure | mac-else-userlogin-secure-ext | secure | userlogin | userlogin-secure | userlogin-secure-ext | userlogin-secure-or-mac | userlogin-secure-or-mac-ext | userlogin-withoui }
undo port-security port-mode
View
Interface view
Default Level
2: System level
Parameters
See the following for details about the keywords of port security modes:
Keyword | Security mode | Description
autolearn | autoLearn | In this mode, a port can learn MAC addresses. These dynamically learned MAC addresses are secure MAC addresses. You can also configure secure MAC addresses by using the port-security mac-address security command. A secure MAC address never ages out by default. In addition, you can configure MAC addresses manually by using the mac-address dynamic and mac-address static commands for a port in autoLearn mode. The port permits only frames sourced from the MAC addresses that are in the MAC address table. When the number of secure MAC addresses reaches the upper limit, the port turns to secure mode.
mac-authentication | macAddressWithRadius | In this mode, a port performs MAC authentication for users and services multiple users.
mac-else-userlogin-secure | macAddressElseUserLoginSecure | This mode is the combination of the macAddressWithRadius and userLoginSecure modes, with MAC authentication having a higher priority. Upon receiving a non-802.1X frame, a port in this mode performs only MAC authentication. Upon receiving an 802.1X frame, the port performs MAC authentication and then, if MAC authentication fails, 802.1X authentication.
mac-else-userlogin-secure-ext | macAddressElseUserLoginSecureExt | This mode is similar to the macAddressElseUserLoginSecure mode, except that it supports multiple 802.1X and MAC authentication users on the port.
secure | secure | In this mode, MAC address learning is disabled on the port and you can configure MAC addresses by using the mac-address static and mac-address dynamic commands. The port permits only frames sourced from the MAC addresses that are in the MAC address table.
userlogin | userLogin | In this mode, a port performs 802.1X authentication and implements port-based access control. If one 802.1X user passes authentication, all the other 802.1X users of the port can access the network without authentication.
userlogin-secure | userLoginSecure | In this mode, a port performs 802.1X authentication and implements MAC-based access control. It services only one user passing 802.1X authentication.
userlogin-secure-ext | userLoginSecureExt | Similar to the userLoginSecure mode except that this mode supports multiple online 802.1X users.
userlogin-secure-or-mac | macAddressOrUserLoginSecure | This mode is the combination of the userLoginSecure and macAddressWithRadius modes, with 802.1X authentication having a higher priority. For a user using a wired connection, the port performs MAC authentication upon receiving non-802.1X frames and performs 802.1X authentication upon receiving 802.1X frames.
userlogin-secure-or-mac-ext | macAddressOrUserLoginSecureExt | This mode is similar to the macAddressOrUserLoginSecure mode, except that it supports multiple 802.1X and MAC authentication users on the port.
userlogin-withoui | userLoginWithOUI | Similar to the userLoginSecure mode. In addition, a port in this mode also permits frames from a user whose MAC address contains a specified OUI (organizationally unique identifier). For wired users, the port performs 802.1X authentication upon receiving 802.1X frames, and performs OUI check upon receiving non-802.1X frames.
Description
Use the port-security port-mode command to set the port security mode of a port.
Use the undo port-security port-mode command to restore the default.
By default, a port operates in noRestrictions mode, where port security does not take effect.
Note that:
- Configuration of port security mode on a port is mutually exclusive with the configuration of 802.1X authentication, port access control method, port access control mode, and MAC authentication on the port.
- With port security enabled, you can change the port security mode of a port only when the port is operating in noRestrictions mode, the default mode. To restore the default port security mode, use the undo port-security port-mode command.
- Before configuring the port security mode to autoLearn, be sure to configure the maximum number of secure MAC addresses allowed on the port by using the port-security max-mac-count command.
- You cannot change the port security mode of a port with users online.
Related commands: display port-security.
Examples
# Enable port security and configure the port security mode of port GigabitEthernet 1/0/1 as secure.
<Sysname> system-view
[Sysname] port-security enable
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] port-security port-mode secure
# Change the port security mode of port GigabitEthernet 1/0/1 to userLogin.
[Sysname-GigabitEthernet1/0/1] undo port-security port-mode
[Sysname-GigabitEthernet1/0/1] port-security port-mode userlogin
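The OUI handling described for the port-security oui command (only the 24 high-order bits of the H-H-H value are kept) and the frame handling described for the userLoginWithOUI mode can be modelled in a few lines. This Python sketch is an added example, not vendor code: the class and function names are hypothetical, it assumes each H group is written with all four hexadecimal digits, and it reports only which check applies to a frame, not what the device does afterwards.

```python
import re

EAPOL_ETHERTYPE = 0x888E  # EtherType carried by 802.1X (EAPOL) frames
_HHH = re.compile(r"^[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}$")

def oui_of(mac):
    """Return the 24 high-order bits of an H-H-H MAC address as 6 hex digits."""
    mac = mac.strip().lower()
    if not _HHH.match(mac):  # assumption: four hex digits per group
        raise ValueError(f"not an H-H-H MAC address: {mac!r}")
    return mac.replace("-", "")[:6]

class OuiTable:
    """Model of the global OUI list (index 1 to 16) filled by port-security oui."""

    def __init__(self):
        self.entries = {}

    def add(self, oui_value, index):
        if not 1 <= index <= 16:
            raise ValueError("OUI index must be in the range 1 to 16")
        # The low-order 24 bits of oui_value are discarded, as documented.
        self.entries[index] = oui_of(oui_value)

    def matches(self, src_mac):
        """True if the source MAC starts with any configured OUI."""
        return oui_of(src_mac) in self.entries.values()

def classify(src_mac, ethertype, table):
    """Name the check a userLoginWithOUI port applies to one received frame."""
    if ethertype == EAPOL_ETHERTYPE:
        return "802.1X authentication"
    return "OUI match" if table.matches(src_mac) else "OUI mismatch"

def demo():
    """Run the page's own OUI example against three constructed frames."""
    table = OuiTable()
    table.add("000d-2a10-0033", 4)  # value taken from the port-security oui example
    frames = [  # constructed (source MAC, EtherType) pairs
        ("000d-2aff-0001", 0x0800),
        ("0002-0002-0002", 0x0800),
        ("0002-0002-0002", EAPOL_ETHERTYPE),
    ]
    return table.entries, [classify(mac, et, table) for mac, et in frames]
```

The match is made on the vendor prefix alone, so every device whose MAC address begins with a configured OUI is treated the same by this check.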
port-security timer disableport
Syntax
port-security timer disableport time-value
undo port-security timer disableport
View
System view
Default Level
2: System level
Parameters
time-value: Silence timeout period during which the port remains disabled, in seconds. It ranges from 20 to 300.
Description
Use the port-security timer disableport command to set the silence timeout period during which the port remains disabled.
Use the undo port-security timer disableport command to restore the default.
By default, the silence timeout period is 20 seconds.
If you configure the intrusion protection policy as disabling the port temporarily whenever it receives an illegal frame, you can use this command to set the silence period.
Related commands: display port-security.
Examples
# Configure the intrusion protection policy as disabling the port temporarily whenever it receives an illegal frame and set the silence timeout period to 30 seconds.
<Sysname> system-view
[Sysname] port-security timer disableport 30
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] port-security intrusion-mode disableport-temporarily
port-security trap
Syntax
port-security trap { addresslearned | dot1xlogfailure | dot1xlogoff | dot1xlogon | intrusion | ralmlogfailure | ralmlogoff | ralmlogon }
undo port-security trap { addresslearned | dot1xlogfailure | dot1xlogoff | dot1xlogon | intrusion | ralmlogfailure | ralmlogoff | ralmlogon }
View
System view
Default Level
2: System level
Parameters
addresslearned: Trapping for learning of new MAC addresses. When enabled, this function allows the device to send trap information when a port learns a new MAC address.
dot1xlogfailure: Trapping for 802.1X authentication failure.
dot1xlogon: Trapping for successful 802.1X authentication.
dot1xlogoff: Trapping for 802.1X user logoff events.
intrusion: Trapping for detection of illegal frames.
ralmlogfailure: Trapping for MAC authentication failure.
ralmlogoff: Trapping for MAC authentication user logoff events.
ralmlogon: Trapping for successful MAC authentication.
RALM (RADIUS Authenticated Login using MAC-address) means RADIUS authentication based on MAC address.
Description
Use the port-security trap command to enable trapping for port security.
Use the undo port-security trap command to disable trapping for port security.
By default, trapping for port security is disabled.
With the trapping feature, a device can send traps upon detecting frames that result from, for example, intrusion or abnormal login/logout operations, allowing you to monitor user behaviors.
Related commands: display port-security.
Examples
# Enable trapping for learning of new MAC addresses.
<Sysname> system-view
[Sysname] port-security trap addresslearned