1 — ONT and MDU overview
Alcatel-Lucent 7330/7302 ISAM FTTN R04.02.42a March 2011 1-25
3FE 54199 AAAA TCZZA Edition 01 ONT Product Information Guide
To block unauthorized traffic, the system supports an anti-spoofing mechanism that
limits source address spoofing. Upstream traffic arriving at the ONT is validated for
source address. Authorized packets are forwarded and non-validated packets are
discarded, as shown in Figure 1-3.
Figure 1-3 ONT packet authorization
Source address anti-spoofing is implemented in either static or dynamic mode.
• Static mode enables the table of authorized source addresses to be provisioned
statically by an operator for one of the following anti-spoofing control types:
• MAC only
• IP-only
• MAC and IP
• Dynamic mode enables the table of authorized source addresses to be provisioned
both statically by an operator and dynamically through DHCP, and supports the
anti-spoofing control type IP-only.
Source address anti-spoofing filters are applied as follows:
• For IP-only anti-spoofing, packets that match a configured source address are
forwarded, and non matching packets are dropped.
• For MAC and IP anti-spoofing, packets that match a configured pair of MAC
source address and IP source address are forwarded, and non-matching packets
are dropped.
• MAC-only anti-spoofing can be implemented in one of two modes:
• Inclusive mode forwards packets that match a configured MAC source address, and
drops non matching packets.
• Exclusive mode forwards packets that do not match a configured MAC source
address, and drops matching packets.
Not all anti-spoofing control types apply to all traffic. Table 1-10 identifies the
anti-spoofing control types and any traffic exemptions by source address
anti-spoofing mode.
Upstream packets
ONT
Forward authorized packets
Discard
unauthorized
packets
Authorized
source addresses
19075
Authorize
packets
To Next Page
Loading...
