1-8
By default, NTK is disabled on a port and the port forwards all frames. With NTK configured, a port will
discard any unicast packet with an unknown MAC address no matter in which mode it operates.
Follow these steps to configure the NTK feature:
To do… Use the command… Remarks
Enter system view
system-view
—
Enter interface view
interface interface-type
interface-number
—
Configure the NTK feature
port-security ntk-mode
{ ntk-withbroadcasts |
ntk-withmulticasts | ntkonly }
Required
By default, NTK is disabled on
a port and all frames are
allowed to be sent.
Support for the NTK feature depends on the port security mode.
Configuring Intrusion Protection
The intrusion protection enables a device to perform either of the following security policies when it
detects illegal frames:
z blockmac: Adds the source MAC addresses of illegal frames to the blocked MAC addresses list
and discards frames with blocked source MAC addresses. A blocked MAC address is restored to
normal after being blocked for three minutes, which is fixed and cannot be changed.
z disableport: Disables the port permanently.
z disableport-temporarily: Disables the port for a specified period of time. Use the port-security
timer disableport command to set the period.
Follow these steps to configure the intrusion protection feature:
To do… Use the command… Remarks
Enter system view
system-view
—
Enter interface view
interface interface-type
interface-number
—
Configure the intrusion
protection feature
port-security intrusion-mode
{ blockmac | disableport |
disableport-temporarily }
Required
By default, intrusion protection
is disabled.
Return to system view
quit
—
Set the silence timeout during
which a port remains disabled
port-security timer
disableport time-value
Optional
20 seconds by default
To Next Page
Loading...
Need help?
General