Configuring NTK
The NTK feature checks the destination MAC addresses in outbound frames to make sure that frames are forwarded only to authenticated devices. Any unicast frame with an unknown destination MAC address is discarded. Not all port security modes support triggering the NTK feature. For more information, see Table 13.
The NTK feature supports the following modes:
ntkonly—Forwards only unicast frames with authenticated destination MAC addresses.
ntk-withbroadcasts—Forwards only broadcast frames and unicast frames with authenticated destination MAC addresses.
ntk-withmulticasts—Forwards only broadcast frames, multicast frames, and unicast frames with authenticated destination MAC addresses.
To configure the NTK feature:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter Layer 2 Ethernet interface view. | interface interface-type interface-number | N/A |
3. Configure the NTK feature. | port-security ntk-mode { ntk-withbroadcasts \| ntk-withmulticasts \| ntkonly } | By default, NTK is disabled on a port and all frames are allowed to be sent. |
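
The three NTK modes differ only in which non-unicast frames are sent without an authentication check. The following Python model of that egress decision is an added illustration, not code from the device or the vendor; the function names and the sample MAC addresses are assumptions made for the example.

```python
# Added illustration: a model of the NTK egress decision, not device code.
import re

BROADCAST = "ffffffffffff"
# mode -> frame classes that are sent without an authentication check
NTK_MODES = {
    "ntkonly": set(),
    "ntk-withbroadcasts": {"broadcast"},
    "ntk-withmulticasts": {"broadcast", "multicast"},
}

def normalize_mac(mac):
    """Accept 00:11:22:33:44:55, 00-11-22-33-44-55 or 0011-2233-4455."""
    digits = re.sub(r"[:.\-]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def classify(dst_mac):
    """Return 'broadcast', 'multicast' or 'unicast' for a destination MAC."""
    mac = normalize_mac(dst_mac)
    if mac == BROADCAST:
        return "broadcast"
    # The I/G bit (lowest bit of the first octet) marks group addresses.
    if int(mac[:2], 16) & 1:
        return "multicast"
    return "unicast"

def ntk_forwards(mode, dst_mac, authenticated):
    """Return True if an outbound frame to dst_mac is sent under `mode`.

    mode=None models the default (NTK disabled, all frames sent).
    `authenticated` is the set of MACs authenticated on the port.
    """
    if mode is None:
        return True
    if mode not in NTK_MODES:
        raise ValueError(f"unknown NTK mode: {mode!r}")
    kind = classify(dst_mac)
    if kind == "unicast":
        known = {normalize_mac(m) for m in authenticated}
        return normalize_mac(dst_mac) in known
    return kind in NTK_MODES[mode]

if __name__ == "__main__":
    auth = {"0011-2233-4455"}  # constructed sample values
    frames = ["00:11:22:33:44:55", "00:aa:bb:cc:dd:ee",
              "ff:ff:ff:ff:ff:ff", "01:00:5e:00:00:fb"]
    for mode in (None, *NTK_MODES):
        print(mode, [ntk_forwards(mode, f, auth) for f in frames])
```
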