At present, such access devices as Digital Subscriber Line Access Multiplexer (DSLAM) and integrated access device have widely been applied for providing broadband access. Such access devices can provide variety of broadband accesses such as Asymmetrical Digital Subscriber Loop (ADSL), Single-line High-bit-rate Digital Subscriber Line (SHDSL), Very-high-data-rate Digital Subscriber Loop (VDSL), etc., to enable users to access broadband Internet and implement other services such as video services and IP telephone services.
At present, in order to implement authentication and charging for users, and avoid malicious access from illegal users, Media Access Control (MAC) address based filter criterions are employed to filter the users accessing the network.
However, with increase of the broadband users, some illegal users illegally access the broadband network by means of counterfeiting legal MAC addresses, and may run their illegal services or maliciously interfere with the normal services on the broadband network. For example, some illegal users may change legal users' MAC addresses using software tools to attack the legal users and interfere with the regular broadband services. Therefore, the broadband access network needs abilities to prevent MAC address counterfeiting.
A solution for preventing MAC address counterfeiting is binding a source MAC address with a source port. According to this solution, each user accessing the network is assigned with one or more source MAC addresses, and a relationship between a source MAC address and an access port is stored. In this way, on receipt of an Ethernet packet sent from a user via an access port, an access device determines whether the source MAC address of the packet matches the access port. If the source MAC address of the packet matches the access port, the access device forwards the packet to an upper layer of the broadband network; otherwise, the access device discards the packet. In accordance with this solution, each of the access ports needs to be assigned with at least a corresponding source MAC address and this is done randomly. When there are a large number of access ports in the broadband network, the workload for providing one or more source MAC addresses for each of the access ports is quite heavy. In addition, since the source MAC address is bound with the access port, if the user has a new PC or wants to change the current MAC address to another legal MAC address, the user has to reset the source MAC address in the access device for implementing services, which is quite complex and thus this solution is difficulty to be applied widely.