IP Filtering
7-4
8000-A2-GB21-30
April 1998
Management Traffic Leakage
Filtering can be used to prevent unwanted traffic from leaking into the
management domain. That is, filtering prevents NSP packets with management
IP destinations from being accepted for local delivery or routing.
For example, if the NSP network is 155.1.00.00 and the management network is
135.1.00.00, filters can be defined that would prevent any traffic entering from the
10BaseT port from being forwarded to the 135.1.00.00 network through the DSL
card.
NSP
97-15460-01
Router
10BaseT
MCC Card
DSL Card
135.1.00.00
155.1.00.00
X
NOTE:
Filters reduce packet throughput.
For instructions on how to set filters to prevent unwanted traffic from leaking into
the management domain, see Chapter 5,
DSL Card Configuration
, of the
Hotwire
DSLAM for 8540 and 8546 DSL Cards User’s Guide
.
Service Security
Filtering on the upstream DSL ports can be used to ensure that only end-user
systems with valid IP addresses are able to route traffic to the service domain.
That is, filtering would block traffic from being routed upstream by another
end-user system that spoofs (attempts to gain access to another system by
posing as an authorized user) an IP address of an end-user system connected to
a different Hotwire RTU.
The following illustration is an example of this type of filtering:
97-1549
End-user
System 1
RTU
DSL Card
X
End-user
System 2
RTU
155.1.3.4
155.1.3.4
For information on how to set filters on the upstream DSL ports, see Chapters 5
and 6 of the
Hotwire DSLAM for 8540 and 8546 DSL Cards User’s Guide
.
