摘要 |
<p>A packet filtering method and an access device are disclosed, and relate to network communication technologies. A technical solution provided in embodiments of the present invention includes the following: Firstly, a hardware forwarding plane or a user port in an access device receives a packet from an uplink node; secondly, the hardware forwarding plane queries, according to an IP address of a downlink destination node in the packet, a mapping table to determine a user port corresponding to the downlink destination node, and sends the packet to the downlink destination node through the corresponding user port; or, the user port queries an access user table for whether the user port corresponds to an IP address of a downlink destination node in the packet, and if so, the user port sends the packet to the downlink destination node, or if not, the port discards the packet. By querying a mapping table or an access user table, it is ensured that the packet can only be sent to a corresponding user equipment through a user port corresponding to a downlink destination node. This avoids a waste of bandwidth resources, and meanwhile reduces the number of unnecessary broadcast packets, thereby enhancing the security of a network.</p> |