Huawei SmartAX MA5603T Configuration Manual page 601

SmartAX MA5600T/MA5603T/MA5608T Multi-service
Access Module
Commissioning and Configuration Guide
Security
Vulnerability
IP attack
User Security
Security
Vulnerability
MAC spoofing
MAC attack
IP spoofing
Issue 01 (2014-04-30)
Solution
Enable the anti-IP-attack
function for OLT.
Solution
Enable the anti-MAC-
duplicate function for OLT.
Enable the anti-MAC
spoofing function for OLT.
Enable the anti-IP spoofing
function for OLT.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
9 FTTH Configuration
Description and Usage
Suggestion
After the anti-IP-attack function is
enabled, a device discards the IP
packets received from the user side
whose destination IP address is the IP
address of the device, and therefore
the system is protected.
Use this solution for new site
deployment.
Description and Usage
Suggestion
After anti-MAC-duplicate is enabled,
the system records the first MAC
address learnt from the port and binds
the MAC address to the port and
VLAN. If receiving packets sent from
the host that has the same MAC
address with the port, the system
discards the packets directly. In this
case, it can prevent users from forging
MAC addresses to perform malicious
attacks.
Use this solution for new site
deployment.
After anti-MAC spoofing is enabled,
the system can prevent users from
forging MAC addresses to perform
malicious attacks.
Use this solution for new site
deployment.
After anti-IP spoofing is enabled, the
system can prevent users from forging
IP addresses to perform malicious
attacks.
Use this solution for new site
deployment.
576