Configuring Port Security Features; Configuring Ntk - HPE FlexNetwork MSR Series Comware 5 Security Configuration Manual

Step
2. Set an OUI value for user
authentication.
3. Enter interface view.
4. Set the port security mode.

Configuring port security features

Configuring NTK

The following matrix shows the feature and hardware compatibility:
Hardware
MSR900
MSR93X
MSR20-1X
MSR20
MSR30
MSR50
MSR1000
The NTK feature checks destination MAC addresses in outbound frames to make sure frames are
forwarded only to authenticated devices. Any unicast frame with an unknown destination MAC
address is discarded. Not all port security modes support triggering the NTK feature. For more
information, see
The NTK feature supports the following modes:
•
ntkonly—Forwards only unicast frames with authenticated destination MAC addresses.
•
ntk-withbroadcasts—Forwards only broadcast frames and unicast frames with authenticated
destination MAC addresses.
•
ntk-withmulticasts—Forwards only broadcast frames, multicast frames, and unicast frames
with authenticated destination MAC addresses.
To configure the NTK feature:
Command
port-security oui oui-value
index index-value
interface interface-type
interface-number
port-security port-mode
{ autolearn |
mac-authentication |
mac-else-userlogin-secure |
mac-else-userlogin-secure-ext
| secure | userlogin |
userlogin-secure |
userlogin-secure-ext |
userlogin-secure-or-mac |
userlogin-secure-or-mac-ext |
userlogin-withoui }
Table 8.
Feature compatibility
Yes
No
Yes
Yes
Yes
Yes
Yes
132
Remarks
Required for the
userlogin-withoui mode.
Not configured by default.
To set multiple OUI values, repeat
this step.
To specify the autoLearn or
userloginWithOUI mode, you
must enter Layer 2 Ethernet
interface view.
By default, a port operates in
noRestrictions mode.