1-6
To do…
Use the command…
Remarks
Enter Ethernet port view
interface
interface-type
interface-number
—
Set the port security mode
port-security port-mode
{
autolearn
|
mac-and-userlogin-secure
|
mac-and-userlogin-secure-e
xt
|
mac-authentication
|
mac-else-userlogin-secure
|
mac-else-userlogin-secure-e
xt
|
secure
|
userlogin
|
userlogin-secure
|
userlogin-secure-ext
|
userlogin-secure-or-mac
|
userlogin-secure-or-mac-ext
|
userlogin-withoui
}
Required
By default, a port operates in
noRestriction
mode. In this
mode, access to the port is not
restricted.
You can set a port security
mode as needed.
z
Before setting the port security mode to
autolearn
, you need to set the maximum number of MAC
addresses allowed on the port with the
port-security max-mac-count
command.
z
After you set the port security mode to
autolearn
, you cannot configure any static or blackhole
MAC addresses on the port.
z
If the port is in a security mode other than
noRestriction
, before you can change the port security
mode, you need to restore the port security mode to
noRestriction
with the
undo port-security
port-mode
command.
If the
port-security port-mode mode
command has been executed on a port, none of the following can
be configured on the same port:
z
Maximum number of MAC addresses that the port can learn
z
Reflector port for port mirroring
z
Link aggregation
Configuring Port Security Features
Configuring the NTK feature
Follow these steps to configure the NTK feature:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Enter Ethernet port view
interface
interface-type
interface-number
—
Configure the NTK feature
port-security ntk-mode
{
ntkonly
|
ntk-withbroadcasts
|
ntk-withmulticasts
}
Required
Be default, NTK is disabled on
a port, namely all frames are
allowed to be sent.