Port Security Features

NTK

The need to know (NTK) feature checks the destination MAC addresses in outbound frames and allows frames to be sent only to devices passing authentication, thus preventing illegal devices from intercepting network traffic.

Intrusion protection

The intrusion protection feature checks the source MAC addresses in inbound frames and takes a pre-defined action accordingly upon detecting illegal frames. The action may be disabling the port temporarily, disabling the port permanently, or blocking frames from the MAC address for three minutes (unmodifiable).

Trap

The trap feature enables the device to send trap messages upon detecting specified frames that result from, for example, intrusion or user login/logout operations, helping you monitor special activities.

Port Security Modes

Table 6-1 details the port security modes.

Table 6-1 Port security modes

| Security mode | Description | Features |
|---|---|---|
| noRestrictions | Port security is disabled on the port and access to the port is not restricted. | In this mode, neither the NTK nor the intrusion protection feature is triggered. |
| autoLearn | In this mode, a port can learn a specified number of MAC addresses and save those addresses as secure MAC addresses. It permits only frames whose source MAC addresses are secure MAC addresses or static MAC addresses configured by using the mac-address static command. When the number of secure MAC addresses reaches the upper limit, the port changes to work in secure mode. | In either mode (autoLearn or secure), the device will trigger NTK and intrusion protection upon detecting an illegal frame. |
| secure | In this mode, a port is disabled from learning MAC addresses and permits only frames whose source MAC addresses are secure MAC addresses or static MAC addresses configured by using the mac-address static command. | In either mode (autoLearn or secure), the device will trigger NTK and intrusion protection upon detecting an illegal frame. |
| userLogin | In this mode, a port performs 802.1X authentication of users in port-based mode. A port in this mode can service multiple 802.1X users, but allows only one at a time. | In this mode, neither NTK nor intrusion protection will be triggered. |
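
The autoLearn-to-secure transition and the intrusion protection and NTK checks described above, modelled in Python for a single port. This is an added illustration, not vendor code or device configuration: the class, its field names and the action labels are assumptions, the intrusion trap is assumed to be enabled, and the MAC addresses are constructed sample values.

```python
from dataclasses import dataclass, field

BLOCK_SECONDS = 180  # "three minutes (unmodifiable)" from the text above

@dataclass
class Port:
    """Toy model of one port; field names and action labels are assumptions."""
    max_secure: int                       # secure-MAC upper limit
    intrusion_action: str = "block-mac"   # or "disable-port" (labels assumed)
    mode: str = "autoLearn"
    secure: set = field(default_factory=set)     # learned secure MACs
    static: set = field(default_factory=set)     # stands in for mac-address static
    blocked: dict = field(default_factory=dict)  # MAC -> time the block expires
    enabled: bool = True
    traps: list = field(default_factory=list)    # (event, mac, time) tuples

    def inbound(self, src, now):
        """Source-MAC check; True means the frame is accepted."""
        if not self.enabled or self.blocked.get(src, 0) > now:
            return False                  # assumption: dropped without a new trap
        if src in self.secure or src in self.static:
            return True
        if self.mode == "autoLearn":
            self.secure.add(src)
            if len(self.secure) >= self.max_secure:
                self.mode = "secure"      # limit reached: learning stops
            return True
        # secure mode and unknown source: illegal frame
        self.traps.append(("intrusion", src, now))
        if self.intrusion_action == "block-mac":
            self.blocked[src] = now + BLOCK_SECONDS
        else:
            self.enabled = False          # re-enable timer/admin action not modelled
        return False

    def outbound(self, dst):
        """NTK check; assumption: secure and static MACs count as authenticated."""
        return self.enabled and (dst in self.secure or dst in self.static)

if __name__ == "__main__":
    # Constructed frames: (time in seconds, source MAC)
    port = Port(max_secure=2)
    for t, mac in [(0, "00:00:5e:00:53:01"), (1, "00:00:5e:00:53:02"),
                   (10, "00:00:5e:00:53:99"), (100, "00:00:5e:00:53:99")]:
        print(t, mac, port.inbound(mac, t), port.mode)
    print(port.traps, port.outbound("00:00:5e:00:53:99"))
```

For monitoring, the point to take from the model is that an intrusion event can only occur once the port has left the learning phase, so a port that never reaches its limit stays in autoLearn and keeps accepting new source addresses.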