R2511-HP MSR Router Series Security Configuration Guide(V5)

Step: 4. Set the port security mode.
Command: port-security port-mode { autolearn | mac-authentication | mac-else-userlogin-secure | mac-else-userlogin-secure-ext | secure | userlogin | userlogin-secure | userlogin-secure-ext | userlogin-secure-or-mac | userlogin-secure-or-mac-ext | userlogin-withoui }
Remarks: By default, a port operates in noRestrictions mode.
The following matrix shows the autoLearn, secure and userLogin modes on Layer 2 Ethernet ports and
router compatibility:
| Security mode | MSR900 | MSR93X | MSR20-1X | MSR20 | MSR30 | MSR50 | MSR1000 |
|---|---|---|---|---|---|---|---|
| autoLearn | No | No | No | No | Only available on MSR30-11E and MSR30-11F routers | No | No |
| secure | No | No | No | No | Only available on MSR30-11E and MSR30-11F routers | No | No |
| userLogin | Yes | Yes | Yes | Yes | Only available on other MSR30 series with FSW modules installed | Only available on MSR50 routers with FSW modules installed | Yes |
Configuring port security features
Configuring NTK
The NTK feature checks destination MAC addresses in outbound frames to make sure frames are
forwarded only to authenticated devices. Any unicast frame with an unknown destination MAC address
is discarded. Not all port security modes support triggering the NTK feature. For more information,
see Table 8.
The NTK feature supports the following modes:
• ntkonly—Forwards only unicast frames with authenticated destination MAC addresses.
• ntk-withbroadcasts—Forwards only broadcast frames and unicast frames with authenticated destination MAC addresses.
• ntk-withmulticasts—Forwards only broadcast frames, multicast frames, and unicast frames with authenticated destination MAC addresses.
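The three NTK modes above, modeled as an outbound forwarding decision. This is an added example, not HP code: the function names are hypothetical and the MAC addresses are constructed sample data.

```python
# Added illustration: a model of the NTK forwarding decision described above.
# Not HP/Comware code; all function and variable names are hypothetical.

BROADCAST = "ff:ff:ff:ff:ff:ff"
NTK_MODES = ("ntkonly", "ntk-withbroadcasts", "ntk-withmulticasts")


def normalize_mac(mac):
    """Return a MAC as lowercase colon-separated hex; accepts ':', '-' or '.' separators."""
    digits = mac.lower().replace(":", "").replace("-", "").replace(".", "")
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def frame_type(dst_mac):
    """Classify a destination MAC as broadcast, multicast or unicast."""
    mac = normalize_mac(dst_mac)
    if mac == BROADCAST:
        return "broadcast"
    # The least significant bit of the first octet is the Ethernet group bit.
    if int(mac[:2], 16) & 0x01:
        return "multicast"
    return "unicast"


def ntk_forwards(mode, dst_mac, authenticated_macs):
    """Return True if an outbound frame to dst_mac is forwarded under the NTK mode."""
    if mode not in NTK_MODES:
        raise ValueError(f"unknown NTK mode: {mode!r}")
    kind = frame_type(dst_mac)
    if kind == "unicast":
        # In every mode, unicast goes only to authenticated destinations.
        known = {normalize_mac(m) for m in authenticated_macs}
        return normalize_mac(dst_mac) in known
    if kind == "broadcast":
        return mode in ("ntk-withbroadcasts", "ntk-withmulticasts")
    return mode == "ntk-withmulticasts"  # remaining case: multicast


# Constructed sample data: one authenticated host and four outbound frames.
AUTHENTICATED = ["00-11-22-33-44-55"]
SAMPLE_FRAMES = ["0011-2233-4455", "00:11:22:33:44:66",
                 "ff:ff:ff:ff:ff:ff", "01:00:5e:00:00:fb"]

if __name__ == "__main__":
    for mode in NTK_MODES:
        for dst in SAMPLE_FRAMES:
            verdict = "forward" if ntk_forwards(mode, dst, AUTHENTICATED) else "discard"
            print(f"{mode:20} {normalize_mac(dst)} {frame_type(dst):9} {verdict}")
```
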
To configure the NTK feature:
Step: 1. Enter system view.
Command: system-view
Remarks: N/A