Trusted Hosts
Trusted host configuration is used to prevent unauthorized access to the OLT. The trusted host portion of aaa is configured as follows.
System AAA Trusted Host Attributes
| Attribute | Values | Default | Req | Description |
|---|---|---|---|---|
| Interface-name | String | N/A | Y | The interface name to apply the trusted host configuration to. |
| Enable-trusted-host | true \| false | false | N | Whether to enable trusted host. Enabling trusted host will block all access from any IP except for those explicitly listed in the configuration. |
| Trusted-hosts | List of strings | N/A | Y | The EMS must be a part of the list of trusted hosts or the OLT will become unmanageable by the EMS. IP addresses should be used rather than hostnames. |
| Enabled-icmp-destination-unreachable | true \| false | true | N | Whether to send back destination unreachable for unroutable packets. |
| Icmp-rate-limit | 0..1000 | 0 | N | Rate to limit destination unreachable packets to. Zero indicates that there is no rate limit. |
| Enable-group-icmp-echo-reply | true \| false | true | N | Whether to allow pings to the OLT. By default, ping is blocked. It is more secure not to reply to pings, since a reply reveals a targetable IP. |
Note 1: * = required parameter
- Command Path – tolt>system>aaa>trusted-hosts>
- Module – tolt
- Container – system
- Container – aaa
- Container – trusted-hosts
- Types – Input Parameters
  - *Interface-name – The interface name to apply the trusted host configuration to.
    - String
  - Enable-trusted-host – Whether to enable trusted host. Enabling trusted host will block all access from any IP except for those explicitly listed in the configuration.
    - True | false (Default false)
  - *Trusted-hosts – The EMS must be a part of the list of trusted hosts or the OLT will become unmanageable.
    - List of Strings
  - Enabled-icmp-destination-unreachable – Whether to send back destination unreachable for unroutable packets.
    - True | false (Default true)
  - Icmp-rate-limit – Rate to limit destination unreachable packets to. Zero indicates that there is no rate limit.
    - 0..1000 (Default 0)
  - Enable-group-icmp-echo-reply – Whether to allow pings to the OLT. By default, ping is blocked. It is more secure not to reply to pings, since a reply reveals a targetable IP.
    - True | false (Default true)
AAA Enable Ping of the OLT Example
- Module – tolt
- Container – system
- Container – aaa
- Container – trusted-hosts
- Types – Example Parameters
  - enable-group-icmp-echo-reply – true
- From the MDS1-ESUA<Config># command line, input tolt system aaa trusted-hosts enable-group-icmp-echo-reply true, and press Enter.
- From the MDS1-ESUA<Config># command line, input commit, and press Enter.
- Outputs similar to the following are displayed:

```
MDS1-ESUA<Config># tolt system aaa trusted-hosts enable-group-icmp-echo-reply true <enter>
MDS1-ESUA<Config># commit <enter>
Commit complete.
MDS1-ESUA<Config># _
```
AAA Disable Ping of the OLT Example
- Module – tolt
- Container – system
- Container – aaa
- Container – trusted-hosts
- Types – Example Parameters
  - enable-group-icmp-echo-reply – false
- From the MDS1-ESUA<Config># command line, input tolt system aaa trusted-hosts enable-group-icmp-echo-reply false, and press Enter.
- From the MDS1-ESUA<Config># command line, input commit, and press Enter.
- Outputs similar to the following are displayed:

```
MDS1-ESUA<Config># tolt system aaa trusted-hosts enable-group-icmp-echo-reply false <enter>
MDS1-ESUA<Config># commit <enter>
Commit complete.
MDS1-ESUA<Config># _
```
AAA Enable Trusted Host Example
- Module – tolt
- Container – system
- Container – aaa
- Container – trusted-hosts
- Types – Example Parameters
  - trusted-hosts – List of trusted host addresses. Note: String values must be enclosed in brackets [ string ]
  - Enable-trusted-host – true
- From the MDS1-ESUA<Config># command line, input tolt system aaa trusted-hosts trusted-hosts [ 172.28.6.166 10.99.99.110 ], and press Enter.
- From the MDS1-ESUA<Config># command line, input tolt system aaa trusted-hosts enable-trusted-host true, and press Enter.
- Input commit, and press Enter. Outputs similar to the following are displayed:

```
MDS1-ESUA<Config># tolt system aaa trusted-hosts trusted-hosts [ 172.28.6.166 10.99.99.110 ] <enter>
MDS1-ESUA<Config># tolt system aaa trusted-hosts enable-trusted-host true <enter>
MDS1-ESUA<Config># commit <enter>
Commit complete.
MDS1-ESUA<Config># _
```
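A pre-change check for the procedure above, as an added example that is not part of the vendor documentation: it refuses to produce the enable commands unless every entry is an IP address literal and the EMS address is in the list, which are the two conditions this page warns about. The function names are hypothetical, and treating 172.28.6.166 as the EMS address is an assumption made for the sample input; the command strings follow the syntax shown in the example above.

```python
import ipaddress

def check_trusted_hosts(hosts, ems_ip, icmp_rate_limit=0):
    """Return a list of problems with a proposed change; an empty list means safe to apply."""
    problems = []
    parsed = set()
    for host in hosts:
        try:
            parsed.add(ipaddress.ip_address(host))
        except ValueError:
            # The page advises IP addresses rather than hostnames.
            problems.append(f"{host!r} is not an IP address literal")
    try:
        ems_listed = ipaddress.ip_address(ems_ip) in parsed
    except ValueError:
        ems_listed = False
    if not ems_listed:
        # Enabling trusted host without the EMS listed leaves the OLT unmanageable by the EMS.
        problems.append(f"EMS {ems_ip} is not in trusted-hosts")
    if not 0 <= icmp_rate_limit <= 1000:
        problems.append(f"icmp-rate-limit {icmp_rate_limit} is outside 0..1000")
    return problems

def build_commands(hosts, ems_ip):
    """Emit the CLI lines in the page's order: list first, then enable, then commit."""
    problems = check_trusted_hosts(hosts, ems_ip)
    if problems:
        raise ValueError("; ".join(problems))
    return [
        "tolt system aaa trusted-hosts trusted-hosts [ " + " ".join(hosts) + " ]",
        "tolt system aaa trusted-hosts enable-trusted-host true",
        "commit",
    ]

if __name__ == "__main__":
    # Constructed sample input: the page's two addresses, with the first assumed to be the EMS.
    for line in build_commands(["172.28.6.166", "10.99.99.110"], "172.28.6.166"):
        print(line)
    # A list that names the EMS by hostname fails both checks.
    print(check_trusted_hosts(["ems.example.net", "10.99.99.110"], "172.28.6.166"))
```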
AAA Configure ICMP Destination Unreachable Example
- Module – tolt
- Container – system
- Container – aaa
- Container – trusted-hosts
- Types – Example Parameters
  - enabled-icmp-destination-unreachable – true
  - icmp-rate-limit – 2
- From the MDS1-ESUA<Config># command line, input tolt system aaa trusted-hosts enabled-icmp-destination-unreachable true icmp-rate-limit 2, and press Enter.
- Outputs similar to the following are displayed:

```
MDS1-ESUA<Config># tolt system aaa trusted-hosts enabled-icmp-destination-unreachable true icmp-rate-limit 2 <enter>
MDS1-ESUA<Config># commit <enter>
Commit complete.
MDS1-ESUA<Config># _
```