Processing of IWF PPPoE Sessions with Duplicate MAC Addresses

JunosE Software supports detection of PPPoE sessions with duplicate MAC addresses that contain interworking function (IWF) tags. The IWF feature performs a set of operations on a subscriber’s session to enable the transport of PPPoE over ATM traffic on a PPPoE interface.

PPPoE supports duplicate detection based on MAC addresses to prevent spoofed MAC addresses and to avoid unauthorized users from attempting to use the MAC address of another valid user. When duplicate protection is configured for the underlying interface, a dynamic PPPoE logical interface cannot be activated when an existing active logical interface is present for the same PPPoE client. This mechanism prevents an unauthorized user to deny or disrupt service to a legitimate user.

Although duplicate protection of PPPoE sessions with the same MAC address enables prevention of unauthorized access to resources, there might be scenarios in interworked PPPoE sessions in which multiple sessions that originate from the same MAC address are required for access to network services and applications. In this release, you can enable multiple PPPoE sessions with the same MAC address that contain the IWF tag to be established. This feature is useful for IWF PPPoE sessions because of a number of such sessions contain the same MAC address of the DSLAM at which multiplexing and conversion functions are performed.