The port-security protect-action command configures a protection action for the system to perform when the number of learned MAC addresses reaches the limit.
The undo port-security protect-action command restores the default protection action.
The default action is restrict.
Parameter |
Description |
Value |
|---|---|---|
protect |
Discards packets with new source MAC addresses when the number of learned MAC addresses reaches the limit. |
- |
restrict |
Discards packets with new source MAC addresses and sends a trap message when the number of learned MAC addresses reaches the limit. |
- |
Usage Scenario
After enabling port security, you can run the port-security protect-action command to configure the action performed on the interface when the number of learned MAC addresses reaches the limit.
Prerequisites
Port security has been enabled by using the port-security enable command on the interface.
Precautions
If you run the port-security protect-action command multiple times in the same interface view, only the latest configuration takes effect.
# Set the protection action on an AP's wired interface to protect.
<HUAWEI> system-view [HUAWEI] wlan [HUAWEI-wlan-view] wired-port-profile name wire1 [HUAWEI-wlan-wired-port-wire1] mode endpoint Warning: If the AP goes online through a wired port, the incorrect port mode con figuration will cause the AP to go out of management. This fault can be recovere d only by modifying the configuration on the AP. Continue? [Y/N]:y Warning: This action will take effect after resetting AP. [HUAWEI-wlan-wired-port-wire1] port-security enable [HUAWEI-wlan-wired-port-wire1] port-security protect-action protect