The maximum number of secure MAC addresses allowed on a port does not include or limit that of
the static MAC addresses manually configured.
The maximum number of secure MAC addresses allowed on a port must not be less than the
number of MAC addresses stored on the port.
Related commands: display port-security.
Examples
# Set the maximum number of secure MAC addresses allowed on port GigabitEthernet 2/0/1 to 100.
<Sysname> system-view
[Sysname] interface gigabitethernet 2/0/1
[Sysname-GigabitEthernet2/0/1] port-security max-mac-count 100
port-security ntk-mode
Syntax
port-security ntk-mode { ntk-withbroadcasts | ntk-withmulticasts | ntkonly }
undo port-security ntk-mode
View
Ethernet interface view
Default Level
2: System level
Parameters
ntk-withbroadcasts: Sends frames destined for authenticated MAC addresses or the broadcast
address.
ntk-withmulticasts: Sends frames destined for authenticated MAC addresses, the broadcast address,
or unknown multicast addresses.
ntkonly: Sends frames destined for authenticated MAC addresses.
Description
Use the port-security ntk-mode command to configure the NTK feature.
Use the undo port-security ntk-mode command to restore the default.
Be default, NTK is disabled on a port and all frames are allowed to be sent.
The need to know (NTK) feature checks the destination MAC addresses in outbound frames to allow
frames to be sent to only devices passing authentication, thus preventing illegal devices from
intercepting network traffic.
The frames checked by the NTK feature include the authenticated unicasts, broadcasts, and frames
destined for unknown multicast addresses. Frames destined for known multicast addresses are not
checked.
Related commands: display port-security.
1-10
Need help?
Do you have a question about the S7906E and is the answer not in the manual?