3com S7906E Installation Manual

 
You cannot change the maximum number of secure MAC addresses allowed on a port that operates in autoLearn mode.
OUI, defined by IEEE, is the first 24 bits of the MAC address and uniquely identifies a device vendor.
You can configure multiple OUI values. However, a port in userLoginWithOUI mode allows only one 802.1X user and one user whose MAC address contains a specified OUI.
After enabling port security, you can change the port security mode of a port only when the port is operating in noRestrictions mode, the default mode. To change the port security mode of a port operating in any other mode, first use the undo port-security port-mode command to restore the default port security mode.
You cannot change the port security mode of a port with users online.
 
Configuring Port Security Features 
Configuring NTK 
The need to know (NTK) feature checks the destination MAC addresses of outbound frames so that frames are forwarded only to devices that have passed authentication. The NTK feature supports three modes:
ntkonly: Forwards only frames destined for authenticated MAC addresses.
ntk-withbroadcasts: Forwards only frames destined for authenticated MAC addresses or the broadcast address.
ntk-withmulticasts: Forwards only frames destined for authenticated MAC addresses, multicast addresses, or the broadcast address.
By default, NTK is disabled on a port and the port forwards all frames. With NTK configured, a port discards any unicast packet with an unknown MAC address, regardless of which NTK mode it operates in.
Follow these steps to configure the NTK feature:
To do…                      Use the command…                                                               Remarks
Enter system view           system-view                                                                    —
Enter interface view        interface interface-type interface-number                                      —
Configure the NTK feature   port-security ntk-mode { ntk-withbroadcasts | ntk-withmulticasts | ntkonly }   Required. By default, NTK is disabled on a port and all frames are allowed to be sent.
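
The NTK forwarding rules described in this section, modeled as a small Python function (an added example, not code from the 3Com manual or the switch firmware). The sample MAC addresses and the names NtkMode, ntk_forwards and decision_table are assumptions made for illustration.

```python
from enum import Enum

BROADCAST = bytes.fromhex("ffffffffffff")


class NtkMode(Enum):
    DISABLED = "disabled"  # default: the port forwards all frames
    NTKONLY = "ntkonly"
    WITH_BROADCASTS = "ntk-withbroadcasts"
    WITH_MULTICASTS = "ntk-withmulticasts"


def parse_mac(text):
    """Parse a 48-bit MAC written with '-', ':' or '.' separators."""
    digits = text.replace("-", "").replace(":", "").replace(".", "")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(digits)


def ntk_forwards(mode, dst, authenticated):
    """Return True if an outbound frame addressed to dst leaves the port."""
    mac = parse_mac(dst)
    if mode is NtkMode.DISABLED or mac in authenticated:
        return True
    if mac == BROADCAST:
        return mode in (NtkMode.WITH_BROADCASTS, NtkMode.WITH_MULTICASTS)
    if mac[0] & 0x01:  # I/G bit set: group (multicast) address
        return mode is NtkMode.WITH_MULTICASTS
    return False  # unknown unicast: discarded in every NTK mode


# Constructed sample data, for illustration only.
AUTHENTICATED = {parse_mac("0011-2233-4455")}
SAMPLE_FRAMES = {
    "authenticated unicast": "0011-2233-4455",
    "unknown unicast": "0011-2233-4466",
    "broadcast": "ffff-ffff-ffff",
    "multicast": "0100-5e00-0001",
}


def decision_table():
    """Map each mode to the forward/discard result for every sample frame."""
    return {m.value: {name: ntk_forwards(m, dst, AUTHENTICATED)
                      for name, dst in SAMPLE_FRAMES.items()} for m in NtkMode}


if __name__ == "__main__":
    for mode, row in decision_table().items():
        print(f"{mode:20s}", row)
```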
 
Configuring Intrusion Protection 
Intrusion protection enables a device to apply either of the following security policies when it detects illegal frames: