MAC-Forced Forwarding

MAC-Forced Forwarding (MACFF) is used to control unwanted broadcast traffic and host-to-host communication. This is achieved by directing network traffic from hosts located on the same subnet but at different locations to an upstream gateway device. This provides security at Layer 2 since no traffic is able to pass directly between the hosts.

MACFF is suitable for Ethernet networks where a Layer 2 bridging device, known as an Ethernet Access Node (EAN), connects Access Routers to their clients. MACFF is configured on the EANs.

MACFF is described in RFC 4562, MAC-Forced Forwarding: A Method for Subscriber Separation on an Ethernet Access Network.

Allied Telesis switches implement MACFF (see "Using MACFF with DHCP Snooping", http://www.alliedtelesis.com/media/datasheets/howto/macff_w-dhcp_vlans_sd_b.pdf) using DHCP snooping to maintain a database of the hosts that appear on each switch port. When a host tries to access the network through a switch port, DHCP snooping checks the host’s IP address against the database to ensure that the host is valid.

MACFF then uses DHCP snooping to check whether the host has a gateway Access Router. If it does, MACFF uses a form of Proxy ARP to reply to any ARP requests, giving the router's MAC address. This forces the host to send all traffic to the router, even traffic destined to a host in the same subnet as the source. The router receives the traffic and makes forwarding decisions based on a set of forwarding rules, typically a QoS policy or a set of filters.
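
The decision an EAN makes for each ARP request, as described above, can be modelled in a few lines. This is an added example, not Allied Telesis or RFC 4562 code: the class and field names are hypothetical, the router's MAC is assumed to be already resolved, dropping the request when no gateway is known is a choice of this model, and all addresses are constructed sample values.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Binding:
    """One DHCP snooping entry: what was leased to a host on a given port."""
    mac: str
    ip: str
    port: int
    gateway_ip: str  # assumption: access router taken from the snooped lease

@dataclass(frozen=True)
class ArpRequest:
    port: int
    sender_mac: str
    sender_ip: str
    target_ip: str

class AccessNode:
    def __init__(self, bindings, router_macs):
        self.by_port_ip = {(b.port, b.ip): b for b in bindings}
        self.router_macs = router_macs  # gateway IP -> router MAC (assumed resolved)

    def handle_arp(self, req: ArpRequest) -> Optional[dict]:
        """Return the proxy ARP reply to send, or None to drop the request."""
        b = self.by_port_ip.get((req.port, req.sender_ip))
        # Host validity: the IP must be in the database for this port and MAC.
        if b is None or b.mac != req.sender_mac:
            return None
        router_mac = self.router_macs.get(b.gateway_ip)
        if router_mac is None:
            return None  # model choice: no known access router, so no forced reply
        # Whatever the target, same-subnet neighbours included, answer with the router's MAC.
        return {"op": "reply", "sender_ip": req.target_ip, "sender_mac": router_mac,
                "target_ip": req.sender_ip, "target_mac": req.sender_mac,
                "out_port": req.port}

# Constructed sample data (documentation IP range and documentation MAC block).
ROUTER_MAC = "00:00:5e:00:53:01"
NODE = AccessNode(
    bindings=[Binding("00:00:5e:00:53:0a", "192.0.2.10", 1, "192.0.2.1"),
              Binding("00:00:5e:00:53:0b", "192.0.2.11", 2, "192.0.2.1")],
    router_macs={"192.0.2.1": ROUTER_MAC},
)

def demo():
    neighbour = NODE.handle_arp(ArpRequest(1, "00:00:5e:00:53:0a", "192.0.2.10", "192.0.2.11"))
    spoofed = NODE.handle_arp(ArpRequest(2, "00:00:5e:00:53:0b", "192.0.2.10", "192.0.2.1"))
    return neighbour, spoofed
```

In `demo()`, the host on port 1 asks for its same-subnet neighbour and is given the router's MAC instead, while the request on port 2 that claims another port's IP address fails the database check and gets no reply.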

Wikimedia Foundation. 2010.
