Alcatel-Lucent 7330 Product Information Manual page 48

Intelligent services access manager fiber to the node

Hide thumbs Also See for 7330:

Information manual (1074 pages)

Product information manual (420 pages)

Operation and maintenance (20 pages)

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

page of 256

/ 256
Bookmarks

1 — ONT and MDU overview

If re-authentication is disabled for a port, the Session Timeout value returned by

RADIUS server is used to terminate the sessions. Re-authentication initiated by the

management system is not required.

During re-authentication, traffic to and from the user is not interrupted. The port

forwards bidirectional traffic until re-authentication is completed. If

re-authentication fails, the port is changed to unauthorized state.

An EAP Request Identity message is sent to the port when the re-authentication timer

expires.

1.10

Anti-spoofing mechanism

The system supports two features to protect against spoofing:

•

gratuitous ARP discard

•

source address anti-spoofing

Gratuitous ARP discard

A gratuitous ARP request is an ARP packet where the sender IP address and the

target IP address are the same. Attackers can use gratuitous ARP requests to corrupt

the ARP cache of a router by sending out a gratuitous ARP request that claims to be

the default router.

The system supports a discard mechanism that filters incoming traffic for gratuitous

ARP requests. When gratuitous ARP discard is enabled, incoming gratuitous ARP

requests are discarded.

Gratuitous ARP discard is implemented on a per ONT UNI port basis using TL1. See

the appropriate P-OLT TL1 documentation.

Source address anti-spoofing

Source address spoofing is an attempt to gain entry to a system by posing as a trusted

source. Although the packet cannot be routed back to the initial source, source

address spoofing can lead to unnecessary network congestion and to possible denial

of service.

To block unauthorized traffic, the system supports an anti-spoofing mechanism that

limits source address spoofing. Upstream traffic arriving at the ONT is validated for

source address. Authorized packets are forwarded and non-validated packets are

discarded, as shown in Figure 1-3.

1-24

Note —

Gratuitous ARP discard only applies for residential bridge

VLANs; in VLAN cross-connect mode, gratuitous ARP requests are

always forwarded.

December 2010

ONT Product Information Guide Edition 01

Alcatel-Lucent 7330/7302 ISAM FTTN R04.02.41

3FE 54017 AAAA TCZZA

This manual is also suitable for:

7302

Alcatel-Lucent 7330 Product Information Manual page 48

Related Manuals for Alcatel-Lucent 7330

Related Products for Alcatel-Lucent 7330

This manual is also suitable for: