Port security features – H3C Technologies H3C S3600 Series Switches User Manual

1-7

Figure 1-4 Packet processing in a security mode with the Or keyword

Port Security Features

The following port security features are provided:

z

NTK (need to know) feature: Checks the destination MAC addresses in outbound frames and

allows frames to be sent to only devices passing authentication. This prevents illegal devices from

intercepting network traffic.

z

Intrusion protection feature: Checks the source MAC addresses in inbound frames or the

usernames and passwords in 802.1X authentication requests, and takes the pre-defined action on

each detected illegal frame or event. The action may be disabling the port temporarily, disabling the

port unless you bring it up manually, or blocking frames from an illegal MAC address for three

minutes (unmodifiable).

z

Trap feature: Enables the device to send trap messages upon detecting specified frames that

result from, for example, intrusion or user login/logout operations. This helps you monitor some

special behaviors.