– Enable IP address anti-attack on the OLT.
Run the security anti-ipattack enable command to enable IP address anti-attack.
l Configure user security.
– Enable MAC address anti-flapping on the OLT.
Run the security anti-macduplicate enable command to enable MAC address anti-
flapping.
– Enable MAC address anti-spoofing on the OLT.
1. In global config mode, run the security anti-macspoofing enable command to
globally enable MAC address anti-spoofing.
2. Enable MAC address anti-spoofing at VLAN level in global config mode or
service profile mode:
a. In global config mode, run the security anti-macspoofing vlan command
to enable MAC address anti-spoofing.
b. Perform the following operations to enable MAC address anti-spoofing in
service profile mode:
a. In global config mode, run the vlan service-profile command to create
a VLAN service profile.
b. Run the security anti-macspoofing enable command to enable MAC
address anti-spoofing at VLAN level.
c. Run the commit command to make the profile configuration take
effect.
d. Run the quit command to quit the VLAN service profile mode.
e. Run the vlan bind service-profile command to bind the created VLAN
service profile to a VLAN.
3. (Optional) Run the security anti-macspoofing max-mac-count command to set
the maximum number of MAC addresses that can be bound to a service flow.
4. (Optional) Run the security anti-macspoofing exclude command to configure
the types of packets for which MAC address anti-spoofing does not take effect,
such as Internet Group Management Protocol (IGMP) packets.
l Configure service security.
– Enable Dynamic Host Configuration Protocol (DHCP) Option 82 on the OLT. This
configuration is recommended for the DHCP-based Internet access service.
1. DHCP Option 82 can be enabled or disabled at four levels: global, port, VLAN,
and service port levels. This function takes effect only after it is enabled at the
four levels. Among the four levels, DHCP Option 82 is disabled only at the global
level by default.
– The global level: In global config mode, run the dhcp option82 command to
enable DHCP Option 82 at the global level.
When you run this command, select the enable, forward, or rebuild
parameter based on site requirements. The three parameters can all enable
DHCP Option 82 but provide different packet processing policies on the OLT.
For details, see the dhcp option82 command.
SmartAX MA5600T/MA5603T/MA5608T Multi-service
Access Module
Commissioning and Configuration Guide
12 FTTO Configuration(SOHO and SME)
Issue 01 (2014-04-30) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
1181
To Next Page
Loading...
Need help?
General
