Trusted Hosts
Trusted host configuration is used to prevent unauthorized access to the OLT. The trusted host portion of aaa is configured as follows.
System AAA Trusted Host Attributes
| Attribute | Values | Default | Req | Description |
|---|---|---|---|---|
| Interface-name | String | N/A | Y | The interface name to apply the trusted host configuration to. |
| Enable-trusted-host | true \| false | false | N | Whether to enable trusted host. Enabling trusted host blocks all access from any IP except those explicitly listed in the configuration. |
| Trusted-hosts | List of strings | N/A | Y | The EMS must be part of the list of trusted hosts or the OLT will become unmanageable by the EMS. IP addresses should be used rather than hostnames. |
| Enabled-icmp-destination-unreachable | true \| false | true | N | Whether to send back destination unreachable for unroutable packets. |
| Icmp-rate-limit | 0..1000 | 0 | N | Rate to limit destination unreachable packets to. Zero indicates that there is no rate limit. |
| Enable-group-icmp-echo-reply | true \| false | true | N | Whether to allow pings to the OLT. By default, ping is blocked. It is more secure not to reply to pings, since replies reveal a targetable IP. |
Note 1: * = required parameter
- Command Path – tolt>system>aaa>trusted-hosts>
- Module – tolt
- Container – system
- Container – aaa
- Container – trusted-hosts
- Types – Input Parameters
- *Interface-name – The interface name to apply the trusted host configuration to.
- Enable-trusted-host – Whether to enable trusted host. Enabling trusted host blocks all access from any IP except those explicitly listed in the configuration.
  - true | false (Default false)
- *Trusted-hosts – The EMS must be part of the list of trusted hosts or the OLT will become unmanageable by the EMS.
- Enabled-icmp-destination-unreachable – Whether to send back destination unreachable for unroutable packets.
  - true | false (Default true)
- Icmp-rate-limit – Rate to limit destination unreachable packets to. Zero indicates that there is no rate limit.
- Enable-group-icmp-echo-reply – Whether to allow pings to the OLT. By default, ping is blocked. It is more secure not to reply to pings, since replies reveal a targetable IP.
  - true | false (Default true)
AAA Enable Ping of the OLT Example
- Command Path – tolt>system>aaa>trusted-hosts>
- Module – tolt
- Container – system
- Container – aaa
- Container – trusted-hosts
- Types – Example Parameters
- enable-group-icmp-echo-reply – true
- From the MDS1-ESUA(config)# command line, input tolt system aaa trusted-hosts enable-group-icmp-echo-reply true, and press Enter.
- From the MDS1-ESUA(config)# command line, input commit, and press Enter.
- Outputs similar to the following are displayed:
MDS1-ESUA(config)# tolt system aaa trusted-hosts enable-group-icmp-echo-reply true <enter>
MDS1-ESUA(config)# commit <enter>
Commit complete.
MDS1-ESUA(config)# _
AAA Disable Ping of the OLT Example
- Command Path – tolt>system>aaa>trusted-hosts>
- Module – tolt
- Container – system
- Container – aaa
- Container – trusted-hosts
- Types – Example Parameters
- enable-group-icmp-echo-reply – false
- From the MDS1-ESUA(config)# command line, input tolt system aaa trusted-hosts enable-group-icmp-echo-reply false, and press Enter.
- From the MDS1-ESUA(config)# command line, input commit, and press Enter.
- Outputs similar to the following are displayed:
MDS1-ESUA(config)# tolt system aaa trusted-hosts enable-group-icmp-echo-reply false <enter>
MDS1-ESUA(config)# commit <enter>
Commit complete.
MDS1-ESUA(config)# _
AAA Enable Trusted Host Example
- Command Path – tolt>system>aaa>trusted-hosts>
- Module – tolt
- Container – system
- Container – aaa
- Container – trusted-hosts
- Types – Example Parameters
- trusted-hosts – List of trusted host addresses. Note: String values must be enclosed in brackets: [ string ]
- Enable-trusted-host – true
- From the MDS1-ESUA(config)# command line, input tolt system aaa trusted-hosts trusted-hosts [ 172.28.6.166 10.99.99.110 ], and press Enter.
- From the MDS1-ESUA(config)# command line, input tolt system aaa trusted-hosts enable-trusted-host true, and press Enter.
- Input commit, and press Enter. Outputs similar to the following are displayed:
MDS1-ESUA(config)# tolt system aaa trusted-hosts trusted-hosts [ 172.28.6.166 10.99.99.110 ] <enter>
MDS1-ESUA(config)# tolt system aaa trusted-hosts enable-trusted-host true <enter>
MDS1-ESUA(config)# commit <enter>
Commit complete.
MDS1-ESUA(config)# _
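
A pre-commit check for the change above, as an added example that is not part of the vendor documentation: it refuses to produce the CLI lines if an entry is a hostname, if the EMS address is missing from the list (the lockout case described in the attribute table), or if the rate limit is outside 0..1000. The function name, the `ems_ip` parameter, the treatment of 172.28.6.166 as the EMS, and the assumption that entries are single IP addresses are illustrative only.

```python
import ipaddress

PREFIX = "tolt system aaa trusted-hosts"  # command path shown on this page


def build_trusted_host_commands(trusted_hosts, ems_ip, icmp_rate_limit=None):
    """Check a planned trusted-hosts change; return the CLI lines to enter.

    Raises ValueError (and returns no commands) if an entry is not an IP
    literal, if the EMS address is missing from the list, or if the ICMP
    rate limit is outside the documented 0..1000 range.
    """
    errors, hosts = [], []
    for entry in trusted_hosts:
        try:
            ip = ipaddress.ip_address(entry)
        except ValueError:
            errors.append(f"{entry!r}: not an IP address (hostnames should not be used)")
            continue
        if ip not in hosts:  # drop duplicates, keep the given order
            hosts.append(ip)

    # Lockout guard: enabling trusted host blocks every IP not in the list,
    # so the EMS must be present before enable-trusted-host is set to true.
    try:
        if ipaddress.ip_address(ems_ip) not in hosts:
            errors.append(f"EMS {ems_ip} is not in trusted-hosts; OLT would become unmanageable")
    except ValueError:
        errors.append(f"EMS address {ems_ip!r} is not an IP address")

    if icmp_rate_limit is not None and not 0 <= icmp_rate_limit <= 1000:
        errors.append(f"icmp-rate-limit {icmp_rate_limit} is outside 0..1000")
    if errors:
        raise ValueError("; ".join(errors))

    commands = [f"{PREFIX} trusted-hosts [ {' '.join(map(str, hosts))} ]"]
    if icmp_rate_limit is not None:
        commands.append(f"{PREFIX} enabled-icmp-destination-unreachable true "
                        f"icmp-rate-limit {icmp_rate_limit}")
    commands += [f"{PREFIX} enable-trusted-host true", "commit"]
    return commands


if __name__ == "__main__":
    # Constructed input: the two addresses from the example above, with
    # 172.28.6.166 assumed (for illustration) to be the EMS.
    for line in build_trusted_host_commands(
            ["172.28.6.166", "10.99.99.110"], ems_ip="172.28.6.166"):
        print(line)
```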
AAA Configure ICMP Destination Unreachable Example
- Command Path – tolt>system>aaa>trusted-hosts>
- Module – tolt
- Container – system
- Container – aaa
- Container – trusted-hosts
- Types – Example Parameters
- enabled-icmp-destination-unreachable – true
- icmp-rate-limit – 2
- From the MDS1-ESUA(config)# command line, input tolt system aaa trusted-hosts enabled-icmp-destination-unreachable true icmp-rate-limit 2, and press Enter.
- Outputs similar to the following are displayed:
MDS1-ESUA(config)# tolt system aaa trusted-hosts enabled-icmp-destination-unreachable true icmp-rate-limit 2 <enter>
MDS1-ESUA(config)# commit <enter>
Commit complete.
MDS1-ESUA(config)# _