Filter
Top Products
1-7
z Before setting the port security mode to autolearn, you need to set the maximum number of MAC
addresses allowed on the port with the port-security max-mac-count command.
z When the port operates in the autolearn mode, you cannot change the maximum number of MAC
addresses allowed on the port.
z After you set the port security mode to autolearn, you cannot configure any static or blackhole
MAC addresses on the port.
z If the port is in a security mode other than noRestriction, before you can change the port security
mode, you need to restore the port security mode to noRestriction with the undo port-security
port-mode command.
If the port-security port-mode mode command has been executed on a port, none of the following can
be configured on the same port:
z Maximum number of MAC addresses that the port can learn
z Reflector port for port mirroring
z Fabric port
z Link aggregation
Configuring Port Security Features
Configuring the NTK feature
Follow these steps to configure the NTK feature:
To do... Use the command... Remarks
Enter system view
system-view
—
Enter Ethernet port view
interface interface-type
interface-number
—
Configure the NTK feature
port-security ntk-mode
{ ntkonly |
ntk-withbroadcasts |
ntk-withmulticasts }
Required
By default, NTK is disabled on
a port, namely all frames are
allowed to be sent.
Configuring intrusion protection
Follow these steps to configure the intrusion protection feature:
To do... Use the command... Remarks
Enter system view
system-view
—
Enter Ethernet port view
interface interface-type
interface-number
—
Set the corresponding action to
be taken by the switch when
intrusion protection is triggered
port-security intrusion-mode
{ blockmac | disableport |
disableport-temporarily }
Required
By default, intrusion
protection is disabled.
Return to system view
quit
—