Configuration Procedure; Configuring Port Security Features; Configuring Ntk - HP A6600 Configuration Manual

Configuration procedure

To do...
1. Enter system view.
2. Set an OUI value for
user authentication.
3. Enter interface view.
4. Set the port security
mode.
NOTE:
This feature is available only on a SAP interface card in bridging mode.
•
When a port operates in autoLearn mode, the maximum number of secure MAC addresses cannot
•
be changed.
An OUI, as defined by the IEEE, is the first 24 bits of the MAC address, which uniquely identifies a
•
device vendor.
configure multiple OUI values. However, a port in userLoginWithOUI mode allows only one 802.1X
•
user and one user whose MAC address contains a specified OUI to pass authentication at the same
time.
After enabling port security, change the port security mode of a port only when the port is operating
•
in noRestrictions mode, the default mode. To change the port security mode for a port in any other
mode, first use undo port-security port-mode to restore the default port security mode.

Configuring port security features

Configuring NTK

The NTK feature checks the destination MAC addresses in outbound frames to make sure that frames are
forwarded only to authenticated devices. Any unicast frame with an unknown destination MAC address
is discarded.
The NTK feature supports the following modes:
Command...
system-view
port-security oui oui-value index
index-value
interface interface-type interface-
number
port-security port-mode { autolearn |
mac-authentication | mac-else-
userlogin-secure | mac-else-
userlogin-secure-ext | secure |
userlogin | userlogin-secure |
userlogin-secure-ext | userlogin-
secure-or-mac | userlogin-secure-or-
mac-ext | userlogin-withoui }
179
Remarks
—
Optional.
Not configured by default.
The command is required for the
userlogin-withoui mode.
• The autoLearn mode applies to
only to Layer 2 Ethernet ports.
• The userloginWithOUI mode
applies only to Layer 2 Ethernet
ports.
Required.
By default, a port operates in
noRestrictions mode.