port-security ntk-mode
Use port-security ntk-mode to configure the NTK feature.
Use undo port-security ntk-mode to restore the default.
Syntax
port-security ntk-mode { ntk-withbroadcasts | ntk-withmulticasts | ntkonly }
undo port-security ntk-mode
Default
The NTK feature is not configured on a port and all frames are allowed to be sent.
Views
Layer 2 Ethernet interface view
Predefined user roles
network-admin
mdc-admin
Parameters
ntk-withbroadcasts: Forwards only broadcast frames and unicast frames with authenticated destination MAC addresses.
ntk-withmulticasts: Forwards only broadcast frames, multicast frames, and unicast frames with authenticated destination MAC addresses.
ntkonly: Forwards only unicast frames with authenticated destination MAC addresses.
Usage guidelines
The NTK feature checks the destination MAC addresses in outbound frames. This feature allows frames to be sent only to devices passing authentication, preventing illegal devices from intercepting network traffic.
Examples
# Set the NTK mode of Ten-GigabitEthernet 1/0/1 to ntkonly, allowing the port to forward received packets only to devices passing authentication.
<Sysname> system-view [Sysname] interface ten-gigabitethernet 1/0/1 [Sysname-Ten-GigabitEthernet1/0/1] port-security ntk-mode ntkonly
Related commands
display port-security