8 anti-spoofing, 1 anti-dhcp spoofing, Anti-spoofing -20 – Riverstone Networks WICT1-12 User Manual

7-20 Riverstone Networks RS Switch Router User Guide Release 8.0

Anti-Spoofing

CMTS Configuration Guide

7.8

ANTI-SPOOFING

The following examples illustrate methods for anti-spoofing using the RS.

The RS in these examples contain the following line cards:

•

Slot 1: 8 port 10/100 card

•

Slot 5: CMTS card

7.8.1

Anti-DHCP Spoofing

Anti-DHCP spoofing prevents a DHCP server that is behind a cable modem from serving as a provisioning server for
nodes on the same cable network. In this example, DHCP anti-spoofing prevents DHCP SERVER #2 from serving as
a provisioning server instead of DHCP SERVER #1.

Following, is the configuration:

! Configure the RS

cmts set headend cm.5.1 hashed-auth-str hbCgHB

cmts set uschannel cm.5.1 upstream 1 state on

! Configure the VLANs

vlan create dhcp port-based

vlan create cmts port-based

vlan add ports et.1.1 to dhcp

vlan add ports cm.5.1 to cmts

interface create ip dhcp address-netmask 50.1.1.1/16 vlan dhcp

interface create ip cmts1 address-netmask 50.2.1.1/16 vlan cmts

! Enable anti-DHCP spoofing

cmts set headend cm.5.1 anti-dhcp-spoofing enable

et.1.1

cm.5.1

50.1.1.1

DHCP SERVER 1

RS

DDEEFF: 000002 / 50.2.1.X

MODEM #2

CPE #1

DHCP SERVER 2