EasyManua.ls Logo

Zte ZXA10 C300 - Configuring MFF

Zte ZXA10 C300
301 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
Chapter14AccessSecurityConguration
ZXAN(config)#interfacegpon-onu_1/5/1:2
ZXAN(config-if)#ip-source-guardip-limitipv42ipv64
3.ConguretheserviceportVLAN.
ZXAN(config-if)#service-port1vport1user-vlan100vlan200
4.EnabletheIPsourceguardontheserviceport.
ZXAN(config-if)#ip-source-guardenablesport1
5.ConguretheIPv4DHCPsnoopingstaticbinding.
ZXAN(config-if)#ipdhcpsnoopingbinding1.1.1.2sport1
6.ConguretheIPv6DHCPsnoopingstaticbinding.
ZXAN(config-if)#ipv6dhcpsnoopingbindingmac-address2365.1498.23692001::ff01
ipv6-mask128sport1
7.(Optional)QuerytheIPsourceguardstatus.
ZXAN(config)#showip-source-guard
globalip-source-guardstatus:enable
8.(Optional)QuerytheIPv4DHCPsnoopingstaticbinding.
ZXAN(config-if)#showipdhcpsnoopingstaticportgpon-onu_1/5/1:2
PortSportIP-addrMAC-addr
gpon-onu_1/5/1:211.1.1.20000.0000.0000
9.(Optional)QuerytheIPv6DHCPsnoopingstaticbinding.
ZXAN(config-if)#showipv6dhcpsnoopingstaticportgpon-onu_1/5/1:2
PortSportIPv6-addrMaskMAC-addr
gpon-onu_1/5/1:212001::ff011282365.1498.2369
EndofSteps
14.6ConguringMFF
ThissectiondescribeshowtocongureMFFtoimplementlayer-3interworkingbetween
subscribersandpreventmaliciousattacks.
Context
TheMACforcedforwarding(MFF)functionprohibitsinterworkingbetweentwosubscribers
inthesamesubnetandforcedlyforwardstheupstreamowsofthesubscriberstothe
gateway.Thegatewaythenforwardstheowstoimplementlayer-3interworkingbetween
subscribers.Thegatewaycananalyzetrafcbetweensubscriberstopreventmalicious
attacks.
Steps
1.EnableMFF .
ZXAN(config)#ip-servicemac-forced-forwardingenable
14-13
SJ-20130520164529-007|2013-06-30(R1.0)ZTEProprietaryandCondential

Table of Contents

Other manuals for Zte ZXA10 C300

Preview: Maintenance Manual
Maintenance Manual75 pages
Preview: Installation Guide
Installation Guide108 pages