Ip Security - Paradyne BitStorm 4800 User Manual

Ip dslam

A. CLI Command Descriptions

IP Security

Entries in the table of allowed IP addresses are made in one of two ways:

- Dynamic entries are automatically learned by the unit by monitoring DHCP messages that pass through the unit between a subscriber's host and a DHCP server. Learning of dynamic entries in this manner is always active. Dynamic entries are not retained in non-volatile storage so they are lost when the unit is reset or loses power. Dynamic entries are removed if and when the lease on the DHCP-provided address expires or when the host relinquishes its lease on the address.
- Static entries are entered by an administrator using the configure security ip add command. Static entries are saved in non-volatile storage and can only be removed by administrator action.

Entries in this table are used for two functions:

- If the bridge mode is configured for multiplexing, entries in the table control the flow of hardware (MAC) address information via ARP requests and responses passing through the unit.

  If the unit is configured for multiplexing and there is not an entry in this table for a subscriber's host, that host will not be able to obtain MAC address information for other hosts on the subnet via the BitStorm 4800. In addition, hosts that are connected on the upstream side of the unit will not be able to obtain MAC information for this subscriber's host. (A host that is connected on the DSL side of the unit cannot obtain MAC address information about any host other than the port's Next Hop Router when the unit is configured for multiplexing.)

  For typical TCP/IP communications, the inability to obtain MAC address information effectively blocks communications. However, it may have no effect at all on other protocols (such as PPPoE) that do not require the MAC address information that is obtained via ARP messages.
- If IP Security is enabled for a DSL port, the unit drops all messages that are received at that port whose Ethertype is not either ARP or IP and whose source IP address is not found in the IP address table.

When IP Security is enabled for a DSL port, the restrictions on upstream data flow described above are enforced. In addition to restricting communication to only those addresses that are in the table, a maximum can be set on the number of addresses that can be in use on a port. This number is the sum of the static and dynamic entries for that port. If the limit is reached, the unit will block all requests for allocation of additional addresses via DHCP. This condition remains until one of the following happens:

- The lease on an existing dynamic entry for this port expires
- A subscriber's host connected to this port releases its DHCP-assigned address
- One or more entries are deleted from the table by an administrator
- The limit on the number of entries is increased
- IP Security is disabled on the port

A-38    July 2002    4800-A2-GB20-10
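The table behavior described in this section can be traced with a small model. This is an added example, not code from the manual or the unit's firmware; the class, method names and addresses are assumptions made for illustration, and the model covers only the entry limit, lease expiry, reset and source-address check.

```python
# Added illustration: simplified model of one DSL port's allowed-IP table.
# Names are hypothetical; addresses are constructed (192.0.2.0/24).
class PortIpTable:
    def __init__(self, max_entries):
        self.max_entries = max_entries  # limit on static + dynamic entries
        self.static = set()             # non-volatile: survives a reset
        self.dynamic = {}               # ip -> lease expiry; lost on reset
        self.ip_security = True

    def _expire(self, now):
        # A dynamic entry is removed when its DHCP lease expires.
        self.dynamic = {ip: t for ip, t in self.dynamic.items() if t > now}

    def in_use(self, now):
        self._expire(now)
        return len(self.static) + len(self.dynamic)

    def dhcp_request_allowed(self, now):
        # Limit reached with IP Security on: further allocations are blocked.
        return not self.ip_security or self.in_use(now) < self.max_entries

    def learn_from_dhcp(self, ip, lease_seconds, now):
        # Learning is always active, whatever the IP Security setting.
        self.dynamic[ip] = now + lease_seconds

    def dhcp_release(self, ip):
        self.dynamic.pop(ip, None)

    def add_static(self, ip):
        self.static.add(ip)

    def reset(self):
        self.dynamic.clear()

    def source_allowed(self, src_ip, now):
        # Upstream restriction: only addresses present in the table pass.
        self._expire(now)
        return (not self.ip_security or src_ip in self.static
                or src_ip in self.dynamic)

def demo():
    t = PortIpTable(max_entries=2)
    t.add_static("192.0.2.10")
    t.learn_from_dhcp("192.0.2.20", lease_seconds=600, now=0)
    results = [t.dhcp_request_allowed(now=1),          # limit reached
               t.source_allowed("192.0.2.99", now=1),  # not in table
               t.dhcp_request_allowed(now=601)]        # lease expired
    t.reset()
    results.append(t.source_allowed("192.0.2.10", now=602))  # static kept
    return results
```

Because dynamic entries vanish on reset while leases on subscriber hosts may still be running, a host can be blocked after a power cycle until it renews through DHCP; static entries avoid that gap.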
