Configuring port security features, Configuring the ntk feature, Configuring intrusion protection – H3C Technologies H3C WX3000 Series Unified Switches User Manual
- Before setting the port security mode to autolearn, you need to set the maximum number of MAC addresses allowed on the port with the port-security max-mac-count command.
- After you set the port security mode to autolearn, you cannot configure any static or blackhole MAC addresses on the port.
- If the port is in a security mode other than noRestriction, before you can change the port security mode, you need to restore the port security mode to noRestriction with the undo port-security port-mode command.
If the port-security port-mode mode command has been executed on a port, none of the following can be configured on the same port:
- Maximum number of MAC addresses that the port can learn
- Reflector port for port mirroring
- Link aggregation
Configuring Port Security Features
Configuring the NTK feature
Follow these steps to configure the NTK feature:
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Enter Ethernet port view | interface interface-type interface-number | — |
| Configure the NTK feature | port-security ntk-mode { ntkonly \| ntk-withbroadcasts \| ntk-withmulticasts } | Required. By default, NTK is disabled on a port, that is, all frames are allowed to be sent. |
The WX3000 series devices do not support the ntkonly NTK feature.
Configuring intrusion protection
Follow these steps to configure the intrusion protection feature:
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Enter Ethernet port view | interface interface-type interface-number | — |
| Set the corresponding action to be taken by the device when intrusion protection is triggered | port-security intrusion-mode { disableport \| disableport-temporarily \| blockmac } | Required. By default, no action is taken when intrusion protection is triggered. |
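The session below is an added example, not taken from the manual, that applies the ordering rules and both procedures above to one port. The device name Sysname, the port GigabitEthernet 1/0/1, the limit of 80 addresses and the global port-security enable step are assumptions that do not appear on this page.

```text
# Constructed example session; Sysname, GigabitEthernet 1/0/1 and the value 80 are assumptions.
<Sysname> system-view
# Assumption: port security is enabled globally first (command not shown on this page).
[Sysname] port-security enable
[Sysname] interface GigabitEthernet 1/0/1
# The MAC address limit has to be set before autolearn mode is selected.
[Sysname-GigabitEthernet1/0/1] port-security max-mac-count 80
[Sysname-GigabitEthernet1/0/1] port-security port-mode autolearn
# NTK: ntkonly is not supported on the WX3000 series, so one of the other two options is used.
[Sysname-GigabitEthernet1/0/1] port-security ntk-mode ntk-withbroadcasts
# Intrusion protection takes no action by default, so an action is chosen explicitly.
[Sysname-GigabitEthernet1/0/1] port-security intrusion-mode disableport-temporarily
# To change the security mode later, first restore noRestriction.
[Sysname-GigabitEthernet1/0/1] undo port-security port-mode
```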