HP 6125G HP 6125G & 6125G/XG Blade Switches Security Command Reference - Page 145

Description Use port-security ntk-mode to configure the NTK feature. Use undo port-security ntk-mode to restore the default. By default, NTK is disabled on a port and all frames are allowed to be sent. The need to know (NTK) feature checks the destination MAC addresses in outbound frames to allow frames to be sent to only devices passing authentication, preventing illegal devices from intercepting network traffic. Related commands: display port-security. Examples # Set the NTK mode of port GigabitEthernet 1/0/1 to ntkonly, allowing the port to forward received packets to only devices passing authentication. system-view [Sysname] interface gigabitethernet 1/0/1 [Sysname-GigabitEthernet1/0/1] port-security ntk-mode ntkonly port-security oui Syntax port-security oui oui-value index index-value View undo port-security oui index index-value System view Default level 2: System level Parameters oui-value: Specifies an organizationally unique identifier (OUI) string, a 48-bit MAC address in the H-H-H format. The system uses only the 24 high-order bits as the OUI value. index-value: Specifies the OUI index, in the range of 1 to 16. Description Use port-security oui to configure an OUI value for user authentication. This value is used when the port security mode is userLoginWithOUI. Use undo port-security oui to delete the OUI value with the specified OUI index. By default, no OUI value is configured. An OUI, the first 24 binary bits of a MAC address, is assigned by IEEE to uniquely identify a device vendor. Use this command when you configure a device to allow packets from certain wired devices to pass authentication or to allow packets from certain wireless devices to initiate authentication. For example, when a company allows only IP phones of vendor A in the Intranet, use this command to set the OUI of vendor A. Related commands: display port-security. Examples # Configure an OUI value of 000d2a, setting the index to 4. 136