Zte ZXR10 2900E Series - Access Service Configuration

To Next Page

To Previous Page

Chapter5ServiceConguration

zte(cfg)#setarp-inspectionport49limit15

zte(cfg)#setarp-inspectionvalidateipenable

zte(cfg)#setarp-inspectionvalidatedst-macenable

zte(cfg)#setarp-inspectionvalidatesrc-macenable

Note:

DAIdetectioncondition:theportsendingpacketsisanon-trustedport,andtheDAI

functionisenabledontheVLAN.WhenDHCPSnoopingisenabledandanon-trusted

portisaddedintoDHCPSnooping,DAIdetectionisvalid.

lCongurationVerication

zte(cfg)#showarp-inspection

Enabledvalidation:ip,dst-mac,src-mac

Enabledvlanlist:1

PortIdTrustTypeLimit(pps)

-------------------------

49Untrust15

50Trust-

51Trust-

52Trust-

5.18AccessServiceConguration

AccessServiceOverview

WiththerapidexpansionofEthernet,tomeetthefastincreaseofsubscribersand

requirementofdiversiedbroadbandservices,aNetworkAccessService(NAS)is

embeddedontheswitchtoimprovetheauthenticationandmanagementofaccess

subscribersandbettersupportthebilling,security,operation,andmanagementofthe

broadbandnetwork.

NASusesthe802.1xprotocolandRADIUSprotocoltorealizetheauthenticationand

managementofaccesssubscribers.Itishighlyefcient,safe,andeasytooperate.

IEEE802.1xiscalledport-basednetworkaccesscontrolprotocol.Itsprotocolsystem

includesthreekeyparts:clientsystem,authenticationsystem,andauthenticationserver.

lTheclientsystemisauserterminalsysteminstalledwiththeclientsoftware.A

subscriberoriginatestheIEEE802.1xprotocolauthenticationprocessthroughthis

clientsoftware.Tosupporttheport-basednetworkaccesscontrol,theclientsystem

mustsupporttheExtensibleAuthenticationProtocolOverLAN(EAPOL).

lTheauthenticationsystemisnetworkequipmentthatsupportstheIEEE802.1x

protocol.Correspondingtotheportsofdifferentsubscribers(theportscanbe

5-71

SJ-20130731155059-002|2013-11-27(R1.0)ZTEProprietaryandCondential

Other manuals for Zte ZXR10 2900E Series