Huawei access security recommends limiting MAC learn counts per port/VLAN, and using anti-MAC-spoofing bindings: either automatic (dynamic) bindings generated by the system or manual static MAC bindings to the service/port. Simply replacing a terminal is not a network-side mitigation method and is not listed as a protection measure.
[References: HCIP-Access V2.5 Study Guide (User Access Security & Anti-Spoofing); Huawei OLT Security/AAA Feature Description (MAC limiting and binding)., , ]
Submit