No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

How to allow specified mac address to access different eth ports and terminals visit to each other in a group

Publication Date:  2017-10-26 Views:  391 Downloads:  0
Issue Description

Customer has one HG8245H which includes four ETH ports connected to different terminals. There are two groups from these clients. He wants to make these two groups that can not access each other. For example group A will not visit group B resources butmembers in group B can share to other members in same group. Customer also need to control access by MAC address. There will be a white list from customer,terminal that is not included in the list will not be allowed to access to network.

 

Topology:

 

 

Solution

Analysis:

White list function:

1:HG8245H provides white lists function which can filter specified IP or mac address members access. But this is only based on whole device not port.
2:OLT which located in CO can fulfill this mac address request. Use command of ‘mac-address static service-port’ to bind user mac from terminals.

Forward mode:

1:HG8245H provides
router mode, bridge mode and L2 forward mode to customer.

2:If we use router mode, there should be created at least two WAN intferface to separate two groups with two VLANs, this needs two ip address, but customer only apply one IP from ISP. So this way is not suitable.

3:If we use bridge mode, there will be two service port in OLT, bind mac address only based on these two service port, not possible to specify detailed four MAC address to every four ports.

4:If we use L2 transparent forward mode, set related commands in OLT can help to fulfill the whole request.

4.1:Create four service port with four VLANs.

4.2:Set related four native vlan for every ETH ports of HG8245H.

4.3:Bind all service port with specified MAC address from user side.



Solution One(End-To-End Service Port):
Configuration in OLT:

1:Create vend-to-end service port for all ETH ports
MA5600T(config)#service-port vlan 100 gpon  0/2/4 ont  4  eth 1  multi-service user-vlan   100

MA5600T(config)#service-port vlan 200 gpon  0/2/4 ont  4  eth 2-4 multi-service  user-vlan  200

2:Show the index of all service port

MA5600T(config)#display mac-address static 


3: Bind mac address to service port. 40B0-34EA-36A6 will only be allowed to access ETH1. 40B0-34EA-36A7 will only be allowed to ETH2/3/4.

MA5600T(config)#mac-address static service-port 28 40B0-34EA-36A6  

MA5600T(config)#mac-address static service-port 31 40B0-34EA-36A7


Configuration in ONT:

1:In the navigation tree on the left, choose LAN > LAN Port Work Mode. In the pane on the right, determine whether the LAN port works in layer 3 mode, as shown bellow.Please unclick all the ports and keep them work in L2 transparent forward mode.

LAN Port Work Mode


Solution Two(Non End-to-End Service Port):
Configuration in OLT:
1:Create two service port for this ont.
MA5600T(config)#service-port vlan  100 gpon  0/2/4 ont  4  gemport  11 multi-service  user-vlan 100
MA5600T(config)#service-port vlan  200 gpon  0/2/4 ont  4  gemport  12 multi-service  user-vlan 200

2:Set native vlan for each ETH ports. ETH1 correspond to VLAN 100, ETH2/3/4 correspond to VLAN 200.
MA5600T(config-if-gpon-0/2)#ont port native-vlan 4 4 eth 1 vlan 100

MA5600T(config-if-gpon-0/2)#ont port native-vlan 4 4 eth 2 vlan 200

MA5600T(config-if-gpon-0/2)#ont port native-vlan 4 4 eth 3 vlan 200

MA5600T(config-if-gpon-0/2)#ont port native-vlan 4 4 eth 4 vlan 200

3: Show the index of all service port.

MA5600T(config)#display service-port port 0/2/4 ont 4

4: Bind mac address to service port. 40B0-34EA-36A6 will only be allowed to access ETH1. 40B0-34EA-36A7 will only be allowed to ETH2/3/4.
MA5600T(config)#mac-address static service-port 35 40B0-34EA-36A6  
MA5600T(config)#mac-address static service-port 39 40B0-34EA-36A7

Configuration in ONT:

1:In the navigation tree on the left, choose LAN > LAN Port Work Mode. In the pane on the right, determine whether the LAN port works in layer 3 mode, as shown bellow.Please unclick all the ports and keep them work in L2 transparent forward mode.

LAN Port Work Mode


END