R2511-HP MSR Router Series Security Command Reference(V5)
169
Parameters
count-value: Specifies the maximum number of MAC addresses that port security allows on the port. The
value range is 1 to 1024.
Usage guidelines
In autoLearn mode, this command sets the maximum number of secure MAC addresses (both configured
and automatically learned) on the port.
In any other mode that enables 802.1X, MAC authentication, or both, this command sets the maximum
number of authenticated MAC addresses on the port. The actual maximum number of concurrent users
that the port accepts equals this limit or the authentication method's limit on the number of concurrent
users, whichever is smaller. For example, in userLoginSecureExt mode, if 802.1X allows less concurrent
users than port security's limit on the number of MAC addresses, port security's limit takes effect.
You cannot change port security's limit on the number of MAC addresses when the port is operating in
autoLearn mode or is a wireless port that has online users.
Examples
# Set port security's limit on the number of MAC addresses to 100 on port GigabitEthernet 1/1.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/1
[Sysname-GigabitEthernet1/1] port-security max-mac-count 100
Related commands
display port-security
port-security ntk-mode
Use port-security ntk-mode to configure the NTK feature.
Use undo port-security ntk-mode to restore the default.
Syntax
port-security ntk-mode { ntk-withbroadcasts | ntk-withmulticasts | ntkonly }
undo port-security ntk-mode
Default
NTK is disabled on a port and all frames are allowed to be sent.
Views
Ethernet interface view, WLAN-BSS interface view
Default command level
2: System level
Parameters
ntk-withbroadcasts: Forwards only broadcast frames and unicast frames with authenticated destination
MAC addresses.
ntk-withmulticasts: Forwards only broadcast frames, multicast frames, and unicast frames with
authenticated destination MAC addresses.
ntkonly: Forwards only unicast frames with authenticated destination MAC addresses.