Basic introduction
Function
MAC-Forced Forwarding (MACFF) is used to control unwanted broadcast traffic and host-to-host communication. This is achieved by directing network traffic from hosts located on the same subnet but at different locations to an upstream gateway device. This provides security at Layer 2 since no traffic is able to pass directly between the hosts.
MACFF is suitable for Ethernet networks where a layer 2 bridging device, known as an Ethernet Access Node (EAN), connects Access Routers to their clients. MACFF is configured on the EANs.
MACFF is described in RFC 4562, MAC-Forced Forwarding: A Method for Subscriber Separation on an Ethernet Access Network.
Allied Telesis switches implement MACFF[1] using DHCP snooping to maintain a database of the hosts that appear on each switch port. When a host tries to access the network through a switch port, DHCP snooping checks the host’s IP address against the database to ensure that the host is valid.
Switches
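Allied Telesis switches apply the MACFF concept to DHCP snooping, which is mainly used to maintain a database of the hosts connected to each switch port. When a host tries to access the network through a switch port, DHCP snooping compares the host's IP address with the information in the database to confirm that the host has permission to access the network.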
MACFF then uses DHCP snooping to check whether the host has a gateway Access Router. If it does, MACFF uses a form of Proxy ARP to reply to any ARP requests, giving the router's MAC address. This forces the host to send all traffic to the router, even traffic destined to a host in the same subnet as the source. The router receives the traffic and makes forwarding decisions based on a set of forwarding rules, typically a QoS policy or a set of filters.
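The decision sequence described above (validate the host against the DHCP snooping database, check for a gateway, answer the ARP request with the router's MAC) can be modelled as follows. This is an added example, not Allied Telesis code: the class and field names, the MAC check and the sample addresses are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Binding:
    """One DHCP snooping entry: the lease seen for a host on a switch port."""
    port: int
    host_mac: str
    host_ip: str
    router_ip: Optional[str]  # gateway offered in the lease, None if absent

@dataclass(frozen=True)
class ArpRequest:
    port: int
    sender_mac: str
    sender_ip: str
    target_ip: str

class MacffNode:
    def __init__(self, bindings, router_macs):
        # Key on (port, IP): a lease learned on one port is not valid on another.
        self.bindings = {(b.port, b.host_ip): b for b in bindings}
        self.router_macs = router_macs  # router IP -> router MAC

    def handle_arp(self, req):
        """Return (decision, mac); mac is what the proxy ARP reply would carry."""
        b = self.bindings.get((req.port, req.sender_ip))
        # Matching the MAC as well as the IP is an assumption of this model.
        if b is None or b.host_mac != req.sender_mac:
            return ("drop-unknown-host", None)
        if b.router_ip is None or b.router_ip not in self.router_macs:
            return ("no-gateway", None)  # the page does not define this case
        # Same answer whatever the target: a neighbour's IP resolves to the router.
        return ("proxy-reply", self.router_macs[b.router_ip])

# Constructed sample data (documentation addresses, locally administered MACs).
ROUTER_MAC = "02:00:00:00:00:fe"
NODE = MacffNode(
    bindings=[
        Binding(1, "02:00:00:00:00:01", "192.0.2.10", "192.0.2.1"),
        Binding(2, "02:00:00:00:00:02", "192.0.2.20", "192.0.2.1"),
        Binding(3, "02:00:00:00:00:03", "192.0.2.30", None),
    ],
    router_macs={"192.0.2.1": ROUTER_MAC},
)

if __name__ == "__main__":
    # Host on port 1 asks for its neighbour on port 2 and is given the router's MAC.
    print(NODE.handle_arp(ArpRequest(1, "02:00:00:00:00:01", "192.0.2.10", "192.0.2.20")))
```

Because the reply never contains another host's MAC, a host on the same subnet can only address frames to the router, which is where the forwarding rules are applied.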