Related commands: display port-security.
Examples
# Set port security's limit on the number of MAC addresses to 100 on port Ethernet 1/0/1.
<Sysname> system-view
[Sysname] interface ethernet 1/0/1
[Sysname-Ethernet1/0/1] port-security max-mac-count 100
port-security ntk-mode
Syntax
port-security ntk-mode { ntk-withbroadcasts | ntk-withmulticasts | ntkonly }
undo port-security ntk-mode
View
Ethernet interface view
Default level
2: System level
Parameters
ntk-withbroadcasts: Forwards only broadcast frames and unicast frames with authenticated destination
MAC addresses.
ntk-withmulticasts: Forwards only broadcast frames, multicast frames, and unicast frames with
authenticated destination MAC addresses.
ntkonly: Forwards only unicast frames with authenticated destination MAC addresses.
Description
Use the port-security ntk-mode command to configure the NTK feature.
Use the undo port-security ntk-mode command to restore the default.
By default, NTK is disabled on a port and all frames are allowed to be sent.
The need to know (NTK) feature checks the destination MAC addresses in outbound frames to allow
frames to be sent to only devices passing authentication, preventing illegal devices from intercepting
network traffic.
Related commands: display port-security.
Examples
# Set the NTK mode of port Ethernet 1/0/1 to ntkonly, allowing the port to forward received packets to
only devices passing authentication.
<Sysname> system-view
[Sysname] interface ethernet 1/0/1
[Sysname-Ethernet1/0/1] port-security ntk-mode ntkonly
port-security oui
Syntax
port-security oui oui-value index index-value
180