| Type of probe required |
Genalyzer G100, Genalyzer G1000 or own PC hardware |
| Number of probes needed |
2-3 depending on actual test |
| Number of logical network interfaces needed per probe |
At least 2 (=one extra in addition to the management interface) |
| Support for tests on the management interface |
No |
| Support for tests on VLAN interfaces |
Yes (each physical interface handles 8 VLAN:s according to 802.1q) |
| Support for tests on Q-in-Q interfaces |
No |
| ARP spoofing: Verifies that ARP requests and replies with a false address (IP / MAC) are blocked. Otherwise, it is possible for a user to intercept other users’ traffic or block their Internet access. |
Number of probes: 3, one ISP probe and two client probes
Support for your own DHCP server: Yes
The test verifies: That different types of ARP requests and ARP replies with spoofed source IP and MAC addresses are blocked or not. Spoofed traffic is sent from the client probes. |
| IP address spoofing: Verifies that a customer cannot use another IP address than the one assigned for user. Otherwise, it is possible for a user to take someone else's IP identity. |
Number of probes: 2, one ISP probe and one client probe
Support for your own DHCP server: Yes
The test verifies: That traffic from the client probe is blocked if an incorrect IP address is used |
| DHCP option 82: Uses a DHCP client to request an IP address to verify that the access network element inserts an ID of the access port into the request. Otherwise, it is not possible to uniquely identify a user. |
Number of probes: 2, one ISP probe and one client probe
Support for your own DHCP server: No
ISP probe acts DHCP: Yes
The test verifies: That the access element adds traceability information in the DHCP option 82 field. |
| DHCP expiry: Checks that leased IP addresses that have expired are blocked. Otherwise, it is not possible to trace a customer. |
Number of probes: 2, one ISP probe and one client probe
Support for your own DHCP server: Yes
The test verifies: That a client is not able to access the network with an IP address whose lease has expired. |
| UPnP blocking: Checks that Universal Plug and Play (UPnP) is blocked between different customers. Otherwise, one customer’s UPnP devices (printers and hard drives) can be accessible by other customers. |
Number of probes: 2, two client probes
Support for your own DHCP server: Yes
The test verifies: That Universal Plug and Play (SSDP UPnP) multicast on port 1900 is blocked between customer ports on the access elements. |
| IPv6 router advertisement: Verifies that the IPv6 router advertisement packets are blocked. Otherwise, it is possible for a customer to intercept other customers’ traffic or block their Internet access. |
Number of probes: 2, two client probes
Support for your own DHCP server: Yes
The test verifies: That IPv6 router advertisement messages are blocked between customer ports on the access elements. |
| Rouge DHCP server: Verifies that no IP addresses (IPv4 or IPv6) can be offered from one customer to the others. Otherwise, it is possible for a customer to intercept other customers’ traffic or block their Internet access. |
Number of probes: 2, two client probes
Support for your own DHCP server: Yes
The test verifies: That a customer can not assign IP addresses to other customers. These attempts must be blocked between customer ports on the access elements. |
