132
Step Command Remarks
2. Set an OUI value for user
authentication.
port-security
oui
oui-value
index
index-value
Required for the
userlogin-withoui
mode.
Not configured by default.
To set multiple OUI values, repeat
this step.
3. Enter interface view.
interface
interface-type
interface-number
To specify the autoLearn or
userloginWithOUI mode, you
must enter Layer 2 Ethernet
interface view.
4. Set the port security mode.
port-security
port-mode
{
autolearn
|
mac-authentication
|
mac-else-userlogin-secure
|
mac-else-userlogin-secure-ext
|
secure
|
userlogin
|
userlogin-secure
|
userlogin-secure-ext
|
userlogin-secure-or-mac
|
userlogin-secure-or-mac-ext
|
userlogin-withoui
}
By default, a port operates in
noRestrictions mode.
Configuring port security features
Configuring NTK
The following matrix shows the feature and hardware compatibility:
Hardware Feature compatibility
MSR900 Yes
MSR93X No
MSR20-1X Yes
MSR20 Yes
MSR30 Yes
MSR50 Yes
MSR1000 Yes
The NTK feature checks destination MAC addresses in outbound frames to make sure frames are
forwarded only to authenticated devices. Any unicast frame with an unknown destination MAC
address is discarded. Not all port security modes support triggering the NTK feature. For more
information, see Table 8.
The NTK feat
ure supports the following modes:
• ntkonly—Forwards only unicast frames with authenticated destination MAC addresses.
• ntk-withbroadcasts—Forwards only broadcast frames and unicast frames with authenticated
destination MAC addresses.
• ntk-withmulticasts—Forwards only broadcast frames, multicast frames, and unicast frames
with authenticated destination MAC addresses.
To configure the NTK feature:
To Next Page
Loading...
Need help?
General
