SmartAX MA5600T/MA5603T/MA5608T Multi-service
Access Module
Commissioning and Configuration Guide
User Security
Security
Vulnerability
MAC spoofing
MAC attack
IP spoofing
Issue 01 (2014-04-30)
Solution
Enable the anti-MAC-
duplicate function for OLT
and MDU.
Enable the anti-MAC
spoofing function for OLT
and MDU.
Enable the anti-IP spoofing
function for MDU.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
11 FTTB and FTTC Solution Configuration
Description and Usage
Suggestion
After anti-MAC-duplicate is enabled,
the system records the first MAC
address learnt from the port and binds
the MAC address to the port and
VLAN. If receiving packets sent from
the host that has the same MAC
address with the port, the system
discards the packets directly. In this
case, it can prevent users from forging
MAC addresses to perform malicious
attacks.
Use this solution for new site
deployment.
After anti-MAC spoofing is enabled,
the system can prevent users from
forging IP addresses to perform
malicious attacks.
Use this solution for new site
deployment.
After anti-IP spoofing is enabled, the
system can prevent users from forging
IP addresses to perform malicious
attacks.
Use this solution for new site
deployment.
855