Source address anti-spoofing is implemented in either static or dynamic mode.
•
Static mode enables the table of authorized source addresses to be provisioned
statically by an operator for one of the following anti-spoofing control types:
•
Dynamic mode enables the table of authorized source addresses to be provisioned
both statically by an operator and dynamically through DHCP, and supports the
anti-spoofing control type IP-only.
Source address anti-spoofing filters are applied as follows:
•
For IP-only anti-spoofing, packets that match a configured source address are
forwarded, and non matching packets are dropped.
•
For MAC and IP anti-spoofing, packets that match a configured pair of MAC
source address and IP source address are forwarded, and non-matching packets
are dropped.
•
MAC-only anti-spoofing can be implemented in one of two modes:
Not all anti-spoofing control types apply to all traffic. Table
anti-spoofing control types and any traffic exemptions by source address
anti-spoofing mode.
Alcatel-Lucent 7330/7302 ISAM FTTN R04.02.41
3FE 54017 AAAA TCZZA
Figure 1-3 ONT packet authorization
Forward authorized packets
Discard
unauthorized
packets
•
MAC only
•
IP-only
•
MAC and IP
•
Inclusive mode forwards packets that match a configured MAC source address, and
drops non matching packets.
•
Exclusive mode forwards packets that do not match a configured MAC source
address, and drops matching packets.
December 2010
Edition 01 ONT Product Information Guide
1 — ONT and MDU overview
Upstream packets
Authorize
packets
Authorized
source addresses
1-9
ONT
19075
identifies the
1-25