Configuring port security features, Configuring ntk, Configuring port security – H3C Technologies H3C S7500E Series Switches User Manual
• When a port operates in autoLearn mode, the maximum number of secure MAC addresses cannot be changed.
• An OUI, as defined by the Institute of Electrical and Electronics Engineers (IEEE), is the first 24 bits of the MAC address, which uniquely identifies a device vendor.
• You can configure multiple OUI values. However, a port in userLoginWithOUI mode allows only one 802.1X user and one user whose MAC address contains a specified OUI to pass authentication at the same time.
• After enabling port security, you can change the port security mode of a port only when the port is operating in noRestrictions mode, the default mode. To change the port security mode for a port in any other mode, use the undo port-security port-mode command to restore the default port security mode first.
Configuring Port Security Features
Configuring NTK
The NTK feature checks the destination MAC addresses in outbound frames to make sure that frames
are forwarded to only authenticated devices. Any unicast frame with an unknown destination MAC
address is discarded.
The NTK feature supports three modes:
• ntkonly: Forwards only unicast frames with authenticated destination MAC addresses.
• ntk-withbroadcasts: Forwards only broadcast frames and unicast frames with authenticated destination MAC addresses.
• ntk-withmulticasts: Forwards only broadcast frames, multicast frames, and unicast frames with authenticated destination MAC addresses.
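The following model of the NTK egress decision is an added example, not code from the H3C manual or the switch software. It shows which destination addresses each of the three modes lets through; the function names and the sample MAC addresses are constructed for illustration.

```python
# Added illustration of the NTK egress check; a model, not H3C's implementation.
BROADCAST = bytes.fromhex("ffffffffffff")

# Group (non-unicast) frame classes each mode lets through, per the mode list above.
GROUP_ALLOWED = {
    "ntkonly": set(),
    "ntk-withbroadcasts": {"broadcast"},
    "ntk-withmulticasts": {"broadcast", "multicast"},
}

def parse_mac(text):
    """Parse aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff or aabb-ccdd-eeff into 6 bytes."""
    digits = text.replace(":", "").replace("-", "")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(digits)

def frame_class(dst):
    """Classify a destination MAC as broadcast, multicast or unicast."""
    if dst == BROADCAST:
        return "broadcast"
    # The I/G bit (lowest bit of the first octet) marks a group address.
    return "multicast" if dst[0] & 0x01 else "unicast"

def ntk_forwards(mode, dst_mac, authenticated):
    """True if the port would send the frame. mode=None means NTK is disabled."""
    if mode is None:
        return True  # default behaviour: all frames are allowed to be sent
    allowed_groups = GROUP_ALLOWED[mode]  # KeyError on an unknown mode name
    dst = parse_mac(dst_mac)
    kind = frame_class(dst)
    if kind == "unicast":
        return dst in authenticated  # unknown unicast destinations are discarded
    return kind in allowed_groups

# Constructed sample data: one authenticated host and four destination addresses.
AUTHENTICATED = {parse_mac("0200-0000-0001")}
SAMPLES = {
    "authenticated unicast": "0200-0000-0001",
    "unknown unicast": "0200-0000-0099",
    "broadcast": "ffff-ffff-ffff",
    "multicast": "0100-5e00-00fb",
}

if __name__ == "__main__":
    for mode in (None, "ntkonly", "ntk-withbroadcasts", "ntk-withmulticasts"):
        for label, mac in SAMPLES.items():
            verdict = "forward" if ntk_forwards(mode, mac, AUTHENTICATED) else "discard"
            print(f"{str(mode):20} {label:22} {verdict}")
```

Note that ntkonly discards broadcast and multicast frames as well as unknown unicast, so protocols that depend on them are affected on a port in that mode.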
Follow these steps to configure the NTK feature:
To do…                     Use the command…                           Remarks
Enter system view          system-view                                —
Enter interface view       interface interface-type interface-number  —
Configure the NTK feature  port-security ntk-mode                     Required
                           { ntk-withbroadcasts |                     By default, NTK is disabled on a port
                           ntk-withmulticasts | ntkonly }             and all frames are allowed to be sent.