3com S7906E Verweisanleitung

 

1-10 

z 

The maximum number of secure MAC addresses allowed on a port does not include or limit that of 

the static MAC addresses manually configured.  

z 

The maximum number of secure MAC addresses allowed on a port must not be less than the 

number of MAC addresses stored on the port.  

Related commands: display port-security. 

# Set the maximum number of secure MAC addresses allowed on port GigabitEthernet 2/0/1 to 100. 

<Sysname> system-view 

[Sysname] interface gigabitethernet 2/0/1 

[Sysname-GigabitEthernet2/0/1] port-security max-mac-count 100 

port-security ntk-mode { ntk-withbroadcasts | ntk-withmulticasts | ntkonly } 

Ethernet interface view 

2: System level 

ntk-withbroadcasts: Sends frames destined for authenticated MAC addresses or the broadcast 

address. 

ntk-withmulticasts: Sends frames destined for authenticated MAC addresses, the broadcast address, 

or unknown multicast addresses. 

ntkonly: Sends frames destined for authenticated MAC addresses.  

Use the port-security ntk-mode command to configure the NTK feature.  

Use the undo port-security ntk-mode command to restore the default.  

Be default, NTK is disabled on a port and all frames are allowed to be sent.  

The need to know (NTK) feature checks the destination MAC addresses in outbound frames to allow 

frames to be sent to only devices passing authentication, thus preventing illegal devices from 

intercepting network traffic.  

The frames checked by the NTK feature include the authenticated unicasts, broadcasts, and frames 

destined for unknown multicast addresses. Frames destined for known multicast addresses are not 

checked. 

Related commands: display port-security.