146
Enter Layer 2 Ethernet
interface view
interface interface-type interface-
number
Set the port security mode
port-security port-mode { autolearn |
mac-authentication | mac-else-
userlogin-secure | mac-else-
userlogin-secure-ext | secure |
userlogin | userlogin-secure |
userlogin-secure-ext | userlogin-
secure-or-mac | userlogin-secure-or-
mac-ext | userlogin-withoui }
Required
By default, a port operates in
noRestrictions mode.
NOTE:
ï‚· When a port operates in autoLearn mode, the maximum number of secure MAC addresses cannot be changed.
ï‚· An OUI, as defined by the IEEE, is the first 24 bits of the MAC address, which uniquely identifies a device
vendor.
ï‚· You can configure multiple OUI values. However, a port in userLoginWithOUI mode allows only one 802.1X user
and one user whose MAC address contains a specified OUI to pass authentication at the same time.
ï‚· After enabling port security, you can change the port security mode of a port only when the port is operating in
noRestrictions mode, the default mode. To change the port security mode for a port in any other mode, use the
undo port-security port-mode command to restore the default port security mode first.
Configuring port security features
Configuring NTK
The NTK feature checks the destination MAC addresses in outbound frames to make sure that frames are
forwarded only to authenticated devices. Any unicast frame with an unknown destination MAC address is
discarded.
The NTK feature supports the following modes:
 ntkonly—Forwards only unicast frames with authenticated destination MAC addresses.
 ntk-withbroadcasts—Forwards only broadcast frames and unicast frames with authenticated
destination MAC addresses.
 ntk-withmulticasts—Forwards only broadcast frames, multicast frames, and unicast frames with
authenticated destination MAC addresses.
Follow these steps to configure the NTK feature:
Enter Layer 2 Ethernet interface
view
interface interface-type interface-
number
To Next Page
Loading...
Need help?
General