Configuring Port Security FeaturesConfiguring the NTK featureFollow these steps to configure the NTK feature:To do... Use the command... RemarksEnter system view —system-viewinterface interface-typeinterface-numberEnter Ethernet port view —Requiredport-security ntk-mode{ ntkonly |ntk-withbroadcasts |ntk-withmulticasts }By default, NTK is disabled ona port, namely all frames areallowed to be sent.Configure the NTK featureConfiguring intrusion protectionFollow these steps to configure the intrusion protection feature:To do... Use the command... RemarksEnter system view —system-viewinterface interface-typeinterface-numberEnter Ethernet port view —RequiredSet the corresponding action tobe taken by the switch whenintrusion protection is triggeredport-security intrusion-mode{ blockmac | disableport |disableport-temporarily } By default, intrusionprotection is disabled.Return to system view —quitOptionalSet the timer during which theport remains disabledport-security timer disableporttimer 20 seconds by defaultThe port-security timer disableport command is used in conjunction with the port-securityintrusion-mode disableport-temporarily command to set the length of time period during which theport remains disabled.If you configure the NTK feature and execute the port-security intrusion-mode blockmac commandon the same port, the switch will be unable to disable the packets whose destination MAC address isillegal from being sent out that port; that is, the NTK feature configured will not take effect on the packetswhose destination MAC address is illegal.15-10