Configuring NTK
The NTK feature checks the destination MAC addresses in outbound frames to make sure frames are forwarded only to authenticated devices.
The NTK feature supports the following modes:
ntkonly—Forwards only unicast frames with authenticated destination MAC addresses.
ntk-withbroadcasts—Forwards only broadcast frames and unicast frames with authenticated destination MAC addresses.
ntk-withmulticasts—Forwards only broadcast frames, multicast frames, and unicast frames with authenticated destination MAC addresses.
The NTK feature drops any unicast frame with an unknown destination MAC address. Not all port security modes support triggering the NTK feature. For more information, see Table 15.
To configure the NTK feature:
Step | Command | Remarks |
|---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter Layer 2 Ethernet interface view. | interface interface-type interface-number | N/A |
3. Configure the NTK feature. | port-security ntk-mode { ntk-withbroadcasts | ntk-withmulticasts | ntkonly } | By default, NTK is disabled on a port and all frames are allowed to be sent. |