APC IP DSLAM User's Guide download pdf (Page 19)

Introduction to the EDA 1200 System

specific VLAN (default 246) is reserved for management

traffic.

PPP

PPP can be used as access method for verifying the

identity of an End-user before granting access to the

services. PPP sessions can be forwarded towards

remote Service Providers using secure tunnels.

SNMPv3 - User

Based Access

Control

SNMPv3 provides secure access to the ECN by

authenticating and encrypting packet over the network.

Storm Control

Limit the possible rate of broadcast and multicast traffic

from the End-user.

Note: Some of the security features like filtering, Forced Forwarding and

others, will only achieve the desired effect if only EDA 1200 nodes are

deployed in the Access Domain.

2.4.1 Management Plan Protection

All management traffic is separated from any other traffic by a dedicated

management VLAN. Furthermore, the EAN embedded nodes use private IP

addresses. It is also recommended that other EDA nodes in the external

management VLAN should use private IP addresses on a different subnet.

All management interfaces and protocols such as CLI (Telnet/SSH/Console)

SNMP and Web are protected by user name and password.

Most of the nodes have Access Control List (ACL). The ACL is a filter that can

be used to allow or deny traffic from specific nodes or networks, and sometimes

also type of traffic.

The protection concept of an EDA 1200 system is illustrated in Figure 12

on page 16. The dedicated management VLANs (external and internal) are

also part of the protection concept, but they are left out of the illustration for

simplicity reasons.

1/1551-LZA 101 464-V1 Uen C 2009-12-17

1 2 ... 14 15 16 17 18 19 20 21 22 23 24 ... 66 67

No comments

APC IP DSLAM User's Guide Page 19