- You cannot change the maximum number of secure MAC addresses allowed on a port that operates in autoLearn mode.
- OUI, defined by IEEE, is the first 24 bits of the MAC address and uniquely identifies a device vendor.
- You can configure multiple OUI values. However, a port in userLoginWithOUI mode allows only one 802.1X user and one user whose MAC address contains a specified OUI.
- After enabling port security, you can change the port security mode of a port only when the port is operating in noRestrictions mode, the default mode. To change the port security mode of a port operating in any other mode, first use the undo port-security port-mode command to restore the default port security mode.
- You cannot change the port security mode of a port with users online.

Configuring Port Security Features

Configuring NTK

The need to know (NTK) feature checks the destination MAC addresses in outbound frames so that frames are forwarded only to devices that have passed authentication. The NTK feature supports three modes:

- ntkonly: Forwards only frames destined for authenticated MAC addresses.
- ntk-withbroadcasts: Forwards only frames destined for authenticated MAC addresses or the broadcast address.
- ntk-withmulticasts: Forwards only frames destined for authenticated MAC addresses, multicast addresses, or the broadcast address.

By default, NTK is disabled on a port and the port forwards all frames. With NTK configured, a port discards any unicast packet with an unknown MAC address, regardless of the mode in which it operates.

Follow these steps to configure the NTK feature:

To do…                      Use the command…                                Remarks
Enter system view           system-view                                     —
Enter interface view        interface interface-type interface-number       —
Configure the NTK feature   port-security ntk-mode { ntk-withbroadcasts |   Required
                            ntk-withmulticasts | ntkonly }                  By default, NTK is disabled on a port
                                                                            and all frames are allowed to be sent.

Support for the NTK feature depends on the port security mode.
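
The NTK forwarding rule described above, modelled as an added Python example (not vendor code and not switch configuration). The function names and sample MAC addresses are constructed for illustration, and `mode=None` stands for the default state with NTK disabled.

```python
# Added illustration of the NTK egress check; all names here are hypothetical.
BROADCAST = bytes.fromhex("ffffffffffff")
NTK_MODES = ("ntkonly", "ntk-withbroadcasts", "ntk-withmulticasts")


def parse_mac(text):
    """Accept xx:xx:xx:xx:xx:xx, xx-xx-... or xxxx-xxxx-xxxx; return 6 bytes."""
    digits = text.replace(":", "").replace("-", "").replace(".", "")
    mac = bytes.fromhex(digits)
    if len(mac) != 6:
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return mac


def ntk_forwards(mode, dst, authenticated):
    """Return True if the port forwards an outbound frame addressed to dst."""
    if mode is None:                      # NTK disabled: all frames forwarded
        return True
    if mode not in NTK_MODES:
        raise ValueError(f"unknown NTK mode: {mode!r}")
    mac = parse_mac(dst)
    if mac in authenticated:              # allowed in every NTK mode
        return True
    if mac == BROADCAST:
        return mode in ("ntk-withbroadcasts", "ntk-withmulticasts")
    if mac[0] & 0x01:                     # I/G bit set: multicast address
        return mode == "ntk-withmulticasts"
    return False                          # unknown unicast: always discarded


def forwarding_matrix(destinations, authenticated):
    """Map each NTK mode to the destinations it would forward."""
    return {mode: [d for d in destinations
                   if ntk_forwards(mode, d, authenticated)]
            for mode in NTK_MODES}


# Constructed sample data: one authenticated host and four destinations.
AUTHENTICATED = {parse_mac("0011-2233-4455")}
SAMPLE_DESTINATIONS = [
    "00:11:22:33:44:55",   # authenticated unicast
    "00:aa:bb:cc:dd:ee",   # unknown unicast
    "01:00:5e:00:00:fb",   # multicast
    "ff:ff:ff:ff:ff:ff",   # broadcast
]

if __name__ == "__main__":
    for mode, fwd in forwarding_matrix(SAMPLE_DESTINATIONS, AUTHENTICATED).items():
        print(f"{mode:20s} forwards {fwd}")
```
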