1. Enable loop detection by running the ring check enable command.
With this feature enabled, if the MA5606T receives the private BPDU packets from a user port, the MA5606T blocks the user port and generats a corresponding alarm.
This feature depends on whether the modem transparently transmits the bridge protocol packets used to implement the loop detection. This is because many modems in the current network cannot transparently transmit the bridge protocol packets, and thus the loop detection cannot be implemented.
2. Enable anti MAC spoofing by running the security anti-macspoofing enable command.
When the source MAC address of the traffic stream is the same as the bound MAC address, the traffic stream can be upstream transmitted through the device. Otherwise, the packets are discarded.
The system cannot determine whether the current traffic stream is in a loop, thus discarding packets whose source MAC address is different from the bound MAC address.
3. Enable MAC address filtering by running the security mac-filter source xxxx-xxxx-xxxx command.
After the configuration is complete, IP packets with the prohibited source MAC address are discarded. This prevents the carrier's network from being attacked by a malicious user with fake MAC address of the device.
The system supports filtering at a maximum of four MAC addresses and the attacks with the filtered MAC addresses can be prevented.
