Configuring port security features, Configuring the ntk feature, Configuring intrusion protection – H3C Technologies H3C WX3000 Series Unified Switches User Manual

18-6

z

Before setting the port security mode to autolearn, you need to set the maximum number of MAC
addresses allowed on the port with the port-security max-mac-count command.

z

After you set the port security mode to autolearn, you cannot configure any static or blackhole
MAC addresses on the port.

z

If the port is in a security mode other than noRestriction, before you can change the port security
mode, you need to restore the port security mode to noRestriction with the undo port-security

port-mode

command.

If the port-security port-mode mode command has been executed on a port, none of the following can
be configured on the same port:

z

Maximum number of MAC addresses that the port can learn

z

Reflector port for port mirroring

z

Link aggregation

Configuring Port Security Features

Configuring the NTK feature

Follow these steps to configure the NTK feature:

To do…

Use the command…

Remarks

Enter system view

system-view

—

Enter Ethernet port
view

interface

interface-type

interface-number

—

Configure the NTK
feature

port-security ntk-mode

{ ntkonly |

ntk-withbroadcasts

|

ntk-withmulticasts

}

Required
Be default, NTK is disabled on a port, namely
all frames are allowed to be sent.

The WX3000 series devices do not support the ntkonly NTK feature.

Configuring intrusion protection

Follow these steps to configure the intrusion protection feature:

To do…

Use the command…

Remarks

Enter system view

system-view

—

Enter Ethernet port view

interface

interface-type

interface-number

—

Set the corresponding action to be
taken by the device when intrusion
protection is triggered

port-security intrusion-mode
{ disableport |
disableport-temporarily

|

blockmac

}

Required
By default, no action is taken when
intrusion protection is triggered.