NOTE
Enable a service security function based on the service type. For details, see 11.2.7 Principle of Security Data
Plan.
Procedure
l Configure link aggregation.
The following configurations are used as an example to configure link aggregation:
– Uplink ports 0/19/0 and 0/19/1 are added to a LAG.
– The two ports send packets upstream based on the packets' source MAC addresses.
– The LAG works in Link Aggregation Control Protocol (LACP) static aggregation mode.
huawei(config)#link-aggregation 0/19 0-1 ingress workmode lacp-static
l Configure queue scheduling.
According to quality of service (QoS) planning principles, all packets are scheduled in strict
priority (SP) mode and mapped to queues according to the packets' priorities. For details
about QoS planning principles, see 11.2.2 Principle of QoS Data Plan.
huawei(config)#queue-scheduler strict-priority
huawei(config)#cos-queue-map cos0 0 cos4 4 cos5 5 cos6 6
l Configure system security.
– Enable deny of service (DoS) anti-attack on both the OLT and optical network units
(ONUs).
1. Run the security anti-dos enable command to globally enable DoS anti-attack.
2. Run the security anti-dos control-packet policy command to configure a
protocol packet processing policy that will be used when a DoS attack occurs.
3. Run the security anti-dos control-packet rate command to configure the
threshold for the rate of sending protocol packets to the CPU.
– Enable IP address anti-attack on both the OLT and ONUs.
Run the security anti-ipattack enable command to enable IP address anti-attack.
l Configure user security.
– Enable MAC address anti-flapping on both the OLT and ONUs.
Run the security anti-macduplicate enable command to enable MAC address anti-
flapping.
– Enable MAC address anti-spoofing on both the OLT and ONUs.
1. In global config mode, run the security anti-macspoofing enable command to
globally enable MAC address anti-spoofing.
2. Enable MAC address anti-spoofing at VLAN level in global config mode or
service profile mode:
a. In global config mode, run the security anti-macspoofing vlan command
to enable MAC address anti-spoofing.
b. Perform the following operations to enable MAC address anti-spoofing in
service profile mode:
a. In global config mode, run the vlan service-profile command to create
a VLAN service profile.
SmartAX MA5600T/MA5603T/MA5608T Multi-service
Access Module
Commissioning and Configuration Guide
11 FTTB and FTTC Solution Configuration
Issue 01 (2014-04-30) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
1040
To Next Page
Loading...
Need help?
General
