R2511-HP MSR Router Series Security Command Reference(V5)
170
Usage guidelines
The need to know (NTK) feature checks the destination MAC addresses in outbound frames to allow
frames to be sent to only devices passing authentication, preventing illegal devices from intercepting
network traffic.
If a wireless port has online users, you cannot change its NTK settings.
The following matrix shows the command and router compatibility:
Command MSR900 MSR93
X
MSR20-1
X
MSR20
MSR30
MSR50 MSR1000
port-security
ntk-mode
Yes No Yes Yes Yes Yes Yes
Examples
# Set the NTK mode of port GigabitEthernet 1/1 to ntkonly, allowing the port to forward received
packets to only devices passing authentication.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/1
[Sysname-GigabitEthernet1/1] port-security ntk-mode ntkonly
Related commands
display port-security
port-security oui
Use port-security oui to configure an OUI value for user authentication.
Use undo port-security oui to delete the OUI value with the specified OUI index.
Syntax
port-security oui oui-value index index-value
undo port-security oui index index-value
Default
No OUI value is configured.
Views
System view
Default command level
2: System level
Parameters
oui-value: Specifies an organizationally unique identifier (OUI) string, a 48-bit MAC address in the
H-H-H format. The system uses only the 24 high-order bits as the OUI value.
index-value: Specifies the OUI index in the range of 1 to 16.
Usage guidelines
An OUI, the first 24 binary bits of a MAC address, is assigned by IEEE to uniquely identify a device
vendor. Use this command when you configure a device to allow packets from certain wired devices to
pass authentication or to allow packets from certain wireless devices to initiate authentication. For