Configuring Port Security Features
Configuring the NTK feature
Follow these steps to configure the NTK feature:
To do...
Enter system view
Enter Ethernet port view
Configure the NTK feature
Configuring intrusion protection
Follow these steps to configure the intrusion protection feature:
To do...
Enter system view
Enter Ethernet port view
Set the corresponding action to
be taken by the switch when
intrusion protection is triggered
Return to system view
Set the timer during which the
port remains disabled
The port-security timer disableport command is used in conjunction with the port-security
intrusion-mode disableport-temporarily command to set the length of time period during which the
port remains disabled.
If you configure the NTK feature and execute the port-security intrusion-mode blockmac command
on the same port, the switch will be unable to disable the packets whose destination MAC address is
illegal from being sent out that port; that is, the NTK feature configured will not take effect on the packets
whose destination MAC address is illegal.
Use the command...
system-view
interface interface-type
interface-number
port-security ntk-mode
{ ntkonly |
ntk-withbroadcasts |
ntk-withmulticasts }
Use the command...
system-view
interface interface-type
interface-number
port-security intrusion-mode
{ blockmac | disableport |
disableport-temporarily }
quit
port-security timer disableport
timer
15-10
Remarks
—
—
Required
By default, NTK is disabled on
a port, namely all frames are
allowed to be sent.
Remarks
—
—
Required
By default, intrusion
protection is disabled.
—
Optional
20 seconds by default