To Next Page

To Previous Page

ZXR102900ESeriesCongurationGuide

zte(cfg)#setarp-inspectionvlan1enable

zte(cfg)#setarp-inspectionport49untrust

zte(cfg)#setarp-inspectionport49limit15

zte(cfg)#setarp-inspectionvalidateipenable

zte(cfg)#setarp-inspectionvalidatedst-macenable

zte(cfg)#setarp-inspectionvalidatesrc-macenable

Note:

DAIdetectioncondition:theportsentisnon-trustedport,DAIfunctionisenabledon

theVLAN.WhenDHCPSnoopingisenabledandnon-trustedportisaddedintoDHCP

Snooping,DAIdetectionisvalid.

lCongurationVerication

zte(cfg)#showarp-inspection

Enabledvalidation:ip,dst-mac,src-mac

Enabledvlanlist:1

PortIdTrustTypeLimit(pps)

-------------------------

49Untrust15

50Trust-

51Trust-

52Trust-

4.19AccessServiceConguration

AccessServiceOverview

WiththerapidexpansionofEthernetconstructionscale,tomeetthefastincreaseof

subscribersandrequirementofdiversiedbroadbandservices,NetworkAccessService

(NAS)isembeddedontheswitchtoimprovetheauthenticationandmanagementof

accesssubscribersandbettersupportthebilling,security,operation,andmanagement

ofthebroadbandnetwork.

NASusesthe802.1xprotocolandRADIUSprotocoltorealizetheauthenticationand

managementofaccesssubscribers.Itishighlyefcient,safe,andeasytooperate.

IEEE802.1xiscalledport-basednetworkaccesscontrolprotocol.Itsprotocolsystem

includesthreekeyparts:clientsystem,authenticationsystem,andauthenticationserver.

lTheclientsystemisgenerallyauserterminalsysteminstalledwiththeclientsoftware.

AsubscriberoriginatestheIEEE802.1xprotocolauthenticationprocessthroughthis

clientsoftware.Tosupporttheport-basednetworkaccesscontrol,theclientsystem

mustsupporttheExtensibleAuthenticationProtocolOverLAN(EAPOL).

4-66

SJ-20120409144109-002|2012-07-02(R1.0)ZTEProprietaryandCondential

Zte ZXR10 2952E User Manual

Questions and Answers: