184
Default
NTK is disabled on a port and all frames are allowed to be sent.
Views
Ethernet interface view
Default command level
2: System level
Parameters
ntk-withbroadcasts
: Forwards only broadcast frames and unicast frames with authenticated
destination MAC addresses.
ntk-withmulticasts
: Forwards only broadcast frames, multicast frames, and unicast frames with
authenticated destination MAC addresses.
ntkonly
: Forwards only unicast frames with authenticated destination MAC addresses.
Usage guidelines
The need to know (NTK) feature checks the destination MAC addresses in outbound frames to allow
frames to be sent to only devices passing authentication, preventing illegal devices from intercepting
network traffic.
Examples
# Set the NTK mode of port GigabitEthernet 3/0/1 to
ntkonly
, allowing the port to forward received
packets to only devices passing authentication.
<Sysname> system-view
[Sysname] interface gigabitethernet 3/0/1
[Sysname-GigabitEthernet3/0/1] port-security ntk-mode ntkonly
Related commands
display port-security
port-security oui
Use
port-security oui
to configure an OUI value for user authentication. This value is used when the
port security mode is userLoginWithOUI.
Use
undo port-security oui
to delete the OUI value with the specified OUI index.
Syntax
port-security oui
oui-value
index
index-value
undo port-security oui index
index-value
Default
No OUI value is configured.
Views
System view
Default command level
2: System level
Parameters
oui-value
: Specifies an organizationally unique identifier (OUI) string, a 48-bit MAC address in the
H-H-H format. The system uses only the 24 high-order bits as the OUI value.