Configuring Anti-Theft And Roaming Of User Account Through Pitp - Huawei SmartAX MA5616 Configuration Manual

SmartAX MA5616 Multi-service Access Module
Configuration Guide
Parameter
DHCP option82 Global function: disabled
Anti-IP
spoofing
Anti-MAC
spoofing
3.10.1 Configuring Anti-Theft and Roaming of User Account
Through PITP
Policy Information Transfer Protocol (PITP) is mainly used for the user PPPoE dialup access.
It is a protocol defined for transferring policy information between the access device and the
Broadband Remote Access Server (BRAS) through L2 P2P communication. PITP can be used
for transferring the user physical port information and protecting the user account against theft
and roaming.
Context
PITP is used for providing the user port information for the BRAS. After the BRAS obtains the
user port information, the BRAS binds the user account to the user port, thus protecting the user
account against theft and roaming. PITP has two modes, the PPPoE+ mode (also called the PITP
P mode) and the VBAS mode (also called the PITP V mode).
l
l
PITP is applicable to the networking of a standalone MA5616 and the networking of subtended
MA5616s.
l
l
The principles in the two scenarios are similar. The user dials up from PC1 by using the
corresponding user account. The BRAS binds the user account to the user's physical port
information reported by the MA5616. When the user of PC2 dials up by using the user account
Issue 04 (2011-10-30)
Default Setting
VLAN-level function: enabled
Global function: disabled
VLAN-level function: disabled
Global function: disabled
VLAN-level function: disabled
Service-port-level status: enabled By
default, up to eight MAC addresses
can be bound.
PPPoE+ mode: It means during the PPPoE negotiation between the users and BRAS, the
device adds TAG to PPPoE packets and transmits the port information to the BRAS.
VBRAS mode: It means during the PPPoE negotiation between the users and BRAS, the
BRAS sends VBRAS enquiry packets to the device to request the device to report the port
information. The device sends the port information to the BRAS by VBRAS response
packets.
In the networking of a standalone MA5616: Two PCs (PC1 and PC2) are connected to
different ports of the MA5616 for the dialup access.
In the networking of subtended MA5616s: Two PCs (PC1 and PC2) are connected to
different MA5616s (PC1 is connected to the MA5616, and PC2 is connected to the
MA5616 through a subtended device) for the dialup access.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
3 Basic Configuration
Remarks
The DHCP option82 function can
be enabled only when the functions
at all levels are enabled.
The anti-IP spoofing function can
be enabled only when the functions
at all levels are enabled.
The anti-MAC spoofing function
can be enabled only when the
functions at all levels are enabled.
80