
Configure Security

This section provides a shortcut to provisioning the various security-related features. The features in Step 1 through Step 3 are available to admin users only.

Information Note: Panorama PON maintains a daily log of all CLI command activity on a per-server basis. These logs are located in the Windows directory c:TellabsPanoramaPONbbmgrlogcliaudit.
  1. Configure Craft RADIUS Login
    1. Enable:
      ESUx> ne aaa authentication edit login radius admin=enabled protocol=chap local <enter>
      command completed
      ESUx> _ 
      
    2. Configure RADIUS servers:
      ESUx> ne radius-server-group edit login-default server address=1.2.3.4 key=PASSWORD <enter>
      command completed
      ESUx> _ 
  2. Configure 802.1x/PAE RADIUS Login
    1. Enable:
      ESUx> ne aaa authentication edit dot1x radius admin=enabled <enter>
      command completed
      ESUx> _ 
    2. Configure RADIUS servers:
      ESUx> ne radius-server-group edit dot1x-default server address=1.2.3.4 key=PASSWORD <enter>
      command completed
      ESUx> _  
    3. Configure PAE Profiles:
      ESUx> profile pae create name=MyDot1XEnable admin=enabled <enter>
      command completed
      ESUx> _ 
    4. Assign PAE Profile to port:
      ESUx> interface port edit port-id=1-2-3-4 pae=MyDot1XEnable <enter>
      command completed
      ESUx> _ 
    5. Force re-authentication on the assigned port in the event of a suspected or actual security breach.
      ESUx> interface port edit port-id=1-2-3-4 re-authenticate <enter>
      command completed
      ESUx> _ 
  3. Configure Trusted Hosts/Networks:
    1. Enable:
      ESUx> ne aaa trusted-host edit admin=enabled <enter>
      command completed
      ESUx> _ 
    2. Add Hosts:
      ESUx> ne aaa trusted-host edit ip address=1.2.3.4 <enter>
      command completed
      ESUx> _ 
      or
      ESUx> ne aaa trusted-host edit ip address=172.28.0.0 size=16 <enter>
      command completed
      ESUx> _ 
  4. Configure PKI:
    Information Note: Step 4 and Step 5 are performed while logged into the CLI as a CertificateAdmin user.
    1. Load certificates via the console
      ESUx> ne security key import terminal pem  <enter> 
      ESUx> ne security pki-ca-trustpoint certificate import terminal pem  <enter> 
      ESUx> _ 
      
      or
    2. Load certificates via HTTPS
      ESUx> ne security key import pkcs12 url=https://-.  <enter> 
      ESUx> ne security pki-ca-trustpoint certificate import pkcs12 url=https://-  <enter> 
      ESUx> _  
      
    3. Enable DNS
      ESUx> ne ip edit dns admin=enabled <enter>
      command completed
      ESUx> _ 
    4. Configure DNS Servers
      ESUx> ne ip edit dns name-server address=1.2.3.4 <enter>
      command completed
      ESUx> _ 
    5. Enable Online Certificate Status Protocol (OCSP)
      ESUx> ne security pki-ca-trustpoint ocsp edit admin=enabled <enter>
      command completed
      ESUx> _ 
    6. Configure OCSP Server 
      ESUx> ne security pki-ca-trustpoint ocsp edit url=http://myfavorite.com:80 <enter>
      command completed
      ESUx> _ 
  5. Configure PKI for AS-SIP to an Optical Network Terminal (ONT):
    1. Load certificates via the console
      ESUx> ont security key import id=1-2-3 terminal pem <enter>  
      ESUx> ont security pki-ca-trustpoint id=1-2-3 certificate import terminal pem <enter> 
      ESUx> _  
      or
    2. Load certificates via HTTPS
      ESUx> ont security key import id=1-2-3 pkcs12 url=https://-. <enter> 
      ESUx> ont security pki-ca-trustpoint certificate import id=1-2-3 pkcs12 url=https://- <enter>
      ESUx> _ 
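
A pre-change review of the Step 1 and Step 3 commands, as an added example that is not part of the original page or the vendor's tooling. It assumes that `size=` is a prefix length, that an entry without `size=` is a single host, and that the management stations are meant to appear in the trusted-host list; `review`, `parse`, `min_prefix` and the sample addresses are hypothetical.

```python
import ipaddress

# Constructed sample: planned commands in the syntax shown in Steps 1 and 3.
# The last line is a deliberately bad entry; all addresses are placeholders.
PLANNED = """\
ne radius-server-group edit login-default server address=1.2.3.4 key=PASSWORD
ne aaa trusted-host edit admin=enabled
ne aaa trusted-host edit ip address=1.2.3.4
ne aaa trusted-host edit ip address=172.28.0.0 size=16
ne aaa trusted-host edit ip address=172.28.5.1 size=8
"""

def parse(line):
    """Split one CLI line into (keywords, {parameter: value})."""
    words, params = [], {}
    for token in line.split():
        if "=" in token:
            key, value = token.split("=", 1)
            params[key] = value
        else:
            words.append(token)
    return words, params

def review(text, mgmt_hosts, min_prefix=16):
    """Return (line_number, finding) pairs; line 0 means a list-wide finding."""
    findings, nets = [], []
    for num, line in enumerate(text.splitlines(), 1):
        words, p = parse(line)
        # The literal key=PASSWORD from the documentation must never be deployed.
        if "radius-server-group" in words and p.get("key") == "PASSWORD":
            findings.append((num, "placeholder RADIUS key"))
        if words[:3] == ["ne", "aaa", "trusted-host"] and "address" in p:
            # Assumption: size= is a prefix length; no size= means one host.
            entry = ipaddress.ip_interface(f"{p['address']}/{p.get('size', '32')}")
            if entry.ip != entry.network.network_address:
                findings.append((num, f"host bits set, range is {entry.network}"))
            if entry.network.prefixlen < min_prefix:
                findings.append((num, f"wider than /{min_prefix}"))
            nets.append(entry.network)
    # Every station that must reach the CLI should fall inside some entry.
    for host in mgmt_hosts:
        if not any(ipaddress.ip_address(host) in net for net in nets):
            findings.append((0, f"{host} not in any trusted entry"))
    return findings

if __name__ == "__main__":
    for num, finding in review(PLANNED, ["1.2.3.4", "172.28.9.9", "192.168.1.5"]):
        print(num, finding)
```
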
