The ONT in L3 mode doesn’t get a DHCP server address on the WAN interface

Publication Date: 2018-01-30
Issue Description

In the security logs on the OLT MA5603T, the customer has this information:

Index         : 1
VLAN ID       : 11
Conflict Type : MAC conflict
MAC-Address   : 80D4-A558-FF7F
IP-Address    : -
F/S/P         : 0/1/3
Flow ID       : 89
Time          : 2017-11-15 10:47:13+01:00


But the ONT in L3 mode doesn't get a DHCP server address on the WAN interface.

What could be the problem behind this block / conflict? Maybe something should be cleared on the OLT?

Solution


Running the command security anti-macspoofing enable turns on the MAC anti-spoofing function, which prevents malicious users from forging MAC addresses to send packets that attack the device.
After the MAC anti-spoofing function is enabled, the system automatically binds a MAC address to a traffic stream.

The traffic stream can be transmitted upstream through the device only when its source MAC address is the same as the bound MAC address. Otherwise, the traffic stream is discarded.

This prevents DHCP and PPPoE users from attacking the device by forging MAC addresses.

For your problem, we analyzed the log, and here is the result:


Index         : 1
VLAN ID       : 11
Conflict Type : MAC conflict
MAC-Address   : 80D4-A558-FF7F
IP-Address    : -
F/S/P         : 0/1/3
Flow ID       : 89
Time          : 2017-11-15 10:47:13+01:00

The security log above is reported when a user with the MAC address 80D4-A558-FF7F and service-port 89 sends DHCP or PPPoE packets to dial in. The OLT checks this user's information and finds that, since security anti-macspoofing was enabled, the MAC address 80D4-A558-FF7F is already bound to service-port 91 (entry 413 in the table below). The OLT therefore rejects this user, discards the dialing packets and reports the log.


 411 64d1-5449-120e     445  0/ 0/5      11    57    1     vlan        11
 412 e8bd-d1cf-5b86     703  0/ 0/1      24    75    1     vlan        24
 413 80d4-a558-ff7f      91  0/ 1/3      11     4    1     vlan        11
 414 6466-b39d-8cc3     298  0/ 0/6      11    18    1     vlan        11
 415 74e6-e244-90da     443  0/ 0/5      11    56    1     vlan        11

Here are some points:
There may be some users who are forging the MAC address to send packets. You can observe the patterns, gather some statistics and block the malicious user.

There may be some modems whose MAC address changed after a reboot, which may cause the issue if the MAC address is in conflict.
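
The analysis above can be repeated over a larger log export. The following Python is an added example, not Huawei tooling or code from the original page: it joins MAC conflict records with the binding rows to show which service port already holds the rejected MAC. The function names are hypothetical, the column order of the table (index, MAC, service port, F/S/P) is assumed from the explanation above, and the sample input is copied from this page.

```python
import re

# Sample input copied from the log entry and two of the table rows on this page.
CONFLICT_LOG = """\
Index         : 1
VLAN ID       : 11
Conflict Type : MAC conflict
MAC-Address   : 80D4-A558-FF7F
IP-Address    : -
F/S/P         : 0/1/3
Flow ID       : 89
Time          : 2017-11-15 10:47:13+01:00
"""
BINDING_ROWS = """\
 413 80d4-a558-ff7f      91  0/ 1/3      11     4    1     vlan        11
 414 6466-b39d-8cc3     298  0/ 0/6      11    18    1     vlan        11
"""
ROW = re.compile(r"\s*\d+\s+([0-9a-f-]{14})\s+(\d+)\s+(\d+)/\s*(\d+)/\s*(\d+)\s", re.I)

def parse_conflicts(text):
    """One dict per log record; a record starts at its 'Index' line."""
    records = []
    for key, sep, value in (line.partition(":") for line in text.splitlines()):
        if sep and key.strip() == "Index":
            records.append({})
        if sep and records:
            records[-1][key.strip()] = value.strip()
    return records

def parse_bindings(text):
    """Map lower-cased MAC -> (service port, 'F/S/P'); column order is assumed."""
    rows = (ROW.match(line) for line in text.splitlines())
    return {m[1].lower(): (int(m[2]), "/".join(m.group(3, 4, 5))) for m in rows if m}

def correlate(conflicts, bindings):
    """Pair each rejected flow with the service port that already holds its MAC."""
    findings = []
    for c in conflicts:
        mac = c.get("MAC-Address", "").lower()
        if mac in bindings:
            port, fsp = bindings[mac]
            findings.append({"mac": mac, "rejected_flow": int(c["Flow ID"]),
                             "bound_service_port": port, "same_fsp": c["F/S/P"] == fsp})
    return findings

if __name__ == "__main__":
    print(correlate(parse_conflicts(CONFLICT_LOG), parse_bindings(BINDING_ROWS)))
```

The same_fsp field records whether the rejected flow and the existing binding are on the same F/S/P, which helps when sorting many conflict entries between the two cases listed above.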


 



 


