By default, the maximum number of secure MAC addresses is not limited.
Secure MAC addresses include MAC addresses automatically learned by the port in a security mode
and those configured manually with the port-security mac-address security command. The maximum
number of secure MAC addresses for a port must not be less than the number of MAC addresses stored
on the port.
You cannot change the maximum number of secure MAC addresses if the port is operating in
autoLearn mode.
Related commands: display port-security.
Examples
# Set the maximum number of secure MAC addresses allowed on port GigabitEthernet 1/0/1 to 100.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] port-security max-mac-count 100
port-security ntk-mode
Syntax
port-security ntk-mode { ntk-withbroadcasts | ntk-withmulticasts | ntkonly }
undo port-security ntk-mode
View
Layer 2 Ethernet interface view
Default level
2: System level
Parameters
ntk-withbroadcasts: Forwards only broadcast frames and unicast frames with authenticated destination
MAC addresses.
ntk-withmulticasts: Forwards only broadcast frames, multicast frames, and unicast frames with
authenticated destination MAC addresses.
ntkonly: Forwards only unicast frames with authenticated destination MAC addresses.
Description
Use the port-security ntk-mode command to configure the NTK feature.
Use the undo port-security ntk-mode command to restore the default.
By default, NTK is disabled on a port and all frames are allowed to be sent.
The need to know (NTK) feature checks the destination MAC addresses in outbound frames to allow
frames to be sent to only devices passing authentication, preventing illegal devices from intercepting
network traffic.
Related commands: display port-security.
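The following Python model is an added illustration, not code from this manual or from the device: it reproduces the outbound forwarding decision that the three NTK modes describe, so the effect of each mode on a given destination MAC address can be compared side by side. The function names and the sample MAC addresses are constructed for the example, and the model treats any destination with the group bit set (other than the broadcast address) as multicast.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

# Frame classes each mode sends in addition to authenticated unicast.
NTK_ALLOWED = {
    "ntkonly": set(),
    "ntk-withbroadcasts": {"broadcast"},
    "ntk-withmulticasts": {"broadcast", "multicast"},
}

def normalize(mac):
    """Lowercase colon form; accepts aa:bb.., aa-bb.. and xxxx-xxxx-xxxx."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def frame_class(dst):
    """Classify a destination MAC as broadcast, multicast or unicast."""
    dst = normalize(dst)
    if dst == BROADCAST:
        return "broadcast"
    # Group (I/G) bit: least significant bit of the first octet.
    if int(dst[:2], 16) & 1:
        return "multicast"
    return "unicast"

def ntk_forward(mode, dst, authenticated):
    """Return True if the port sends the frame. mode=None means NTK disabled."""
    if mode is None:
        return True  # default: all frames are allowed to be sent
    if mode not in NTK_ALLOWED:
        raise ValueError(f"unknown NTK mode: {mode!r}")
    kind = frame_class(dst)
    if kind == "unicast":
        return normalize(dst) in {normalize(m) for m in authenticated}
    return kind in NTK_ALLOWED[mode]

def decision_table(frames, authenticated):
    """Map each mode (None = disabled) to the per-frame forwarding result."""
    modes = [None, *NTK_ALLOWED]
    return {m: [ntk_forward(m, f, authenticated) for f in frames] for m in modes}

# Constructed sample data: one authenticated host, four outbound frames.
AUTHENTICATED = {"0012-3f00-0001"}
FRAMES = ["00:12:3f:00:00:01",   # unicast to the authenticated host
          "00:12:3f:00:00:99",   # unicast to an unauthenticated address
          "ff:ff:ff:ff:ff:ff",   # broadcast
          "01:00:5e:00:00:fb"]   # multicast (group bit set)

if __name__ == "__main__":
    for mode, result in decision_table(FRAMES, AUTHENTICATED).items():
        print(f"{str(mode):20} {result}")
```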
Examples
# Set the NTK mode of port GigabitEthernet 1/0/1 to ntkonly, allowing the port to forward received
packets to only devices passing authentication.
<Sysname> system-view