Mac Forced Forwarding - ZyXEL Communications MSC1000G User Manual

Table 48 DHCPv6 Relay (continued)
LABEL
Apply
New
Cancel
Index
VID
LDRA
Option37
Option18
(Interface ID)
Info
Option37
(Remote ID) Info
Select
Modify
Delete

4.27 MAC Forced Forwarding

Use MAC forced forwarding to hide internal server information from subscribers. The MSC forwards
a subscriber's ARP (Address Resolution Protocol) requests to a pre-defined Access Router (AR) or
Application Server (AS). The AR or AS routes or forwards subscriber traffic so the subscribers do
not know the MAC addresses of servers on the network. A network administrator can use the AR or
AS to monitor and manage subscriber traffic. The IES drops downstream ARP replies from devices
other than the AR or AS. This prevents attackers from getting MAC address information from your
network and improves the network bandwidth usage performance.
An example is shown next, MAC forced forwarding is disabled on the left. A is a subscriber who
sends an ARP request to ask a server's (S) MAC address. All subscribers, router (AR), and S receive
a copy from the MSC (D). S then replies to A's request. A and S communicate directly for further
data transmission. In this case, all subscribers in the network can know the servers' MAC address
information.
However, with MAC forced forwarding enabled (as shown on the right), D will reply to A's ARP
request with AR's MAC address. A sends traffic to AR. AR forwards the traffic to S. In this case,
none of the subscribers can know S's MAC address.
Management Switch Card User's Guide
DESCRIPTION
Click Apply to save the changes in this screen to the system's volatile memory. The
system loses these changes if it is turned off or loses power, so use the Config Save link
on the navigation panel and then the Save button to save your changes to the non-
volatile memory when you are done configuring.
Click New to create a new DHCP relay entry.
Click Cancel to begin configuring this screen afresh.
This is the index number of an entry.
This is the ID number of the VLAN group.
This field displays whether LDRA is activated or not.
This field displays whether or not the system adds option 37 (Remote ID Info) to the
client DHCPv6 requests forwarded for this VLAN.
This field displays the option 18 (Interface ID) information to add to the client DHCPv6
requests forwarded for this VLAN to identify the interface which received the client
message.
This field displays the option 37 (Remote ID) information to add to the client DHCPv6
requests forwarded for this VLAN.
Select an entry's Select check box and click Delete to remove the entry or click Modify
to edit the entry.
Click Modify to change the settings of the selected entry.
Click Delete to remove the selected entries.
Chapter 4 Access Control List Screens
139