Trusted Hosts

Trusted host configuration is used to prevent unauthorized access to the OLT. The trusted host portion of aaa is configured as follows.

System AAA Trusted Host Attributes

Attribute	Values	Default	Req	Description
Interface-name	String	N/A	Y	The interface name to apply the trusted host configuration to.
Enable-trusted-host	true \| false	false	N	Whether to enable trusted host. Enabling trusted host will block all access from any IP except for those explicitly listed in the configuration.
Trusted-hosts	List of strings	N/A	Y	The EMS must be a part of the list of trusted hosts or the OLT will become unmanageable by the EMS. IP addresses should be used rather than hostnames.
Enabled-icmp-destination-unreachable	true \| false	true	N	Whether to send back destination unreachable for unroutable packets.
Icmp-rate-limit	0..1000	0	N	Rate to limit destination unreachable packets to. Zero indicates that there is no rate limit.
Enable-group-icmp-echo-reply	true \| false	true	N	Whether to allow pings to the OLT. Default is ping is blocked. It is more secure not to reply to pings which reveal a targetable IP.

Note 1: * = required parameter

Command Path – tolt>system>aaa>trusted-hosts>
Module – tolt
Container – system
Container – aaa
Container – trusted-hosts
Types – Input Parameters
- *Interface-name – The interface name to apply the trusted host configuration to.
  - String
- Enable-trusted-host – Whether to enable trusted host. Enabling trusted host will block all access from any IP except for those explicitly listed in the configuration.
  - True | false (Default false)
- *Trusted-hosts – The EMS must be a part of the list of trusted hosts or the OLT will become unmanageable
  - List of Strings
- Enabled-icmp-destination-unreachable – Whether to enable the OCSP server checks of certificates.
  - True | false (Default true )
- Icmp-rate-limit – Rate to limit destination unreachable packets to. Zero indicates that there is no rate limit.
  - 0..1000 (Default 0 )
- Enable-group-icmp-echo-reply – Whether to allow pings to the OLT. Default is ping is blocked. It is more secure not to reply to pings which reveal a targetable IP.
  - True | false (Default true )

AAA Enable Ping of the OLT Example

Command Path – tolt>system>aaa>trusted-host>
Module – tolt
Container – system
Container – aaa
Container – trusted-host

Types – Example Parameters
- enable-group-icmp-echo-reply – true

From the MDS1-ESUA<Config># command line, input tolt system aaa trusted-hosts enable-group-icmp-echo-reply true, and press Enter.
From the MDS1-ESUA<Config># command line, input commit, and press Enter.
Outputs similar to the following are displayed:

MDS1-ESUA<Config># tolt system aaa trusted-hosts enable-group-icmp-echo-reply true <enter>
MDS1-ESUA<Config># commit <enter>
Commit complete.
MDS1-ESUA<Config># _

AAA Disable Ping of the OLT Example

Command Path – tolt>system>aaa>trusted-hosts>
Module – tolt
Container – system
Container – aaa
Container – trusted-hosts

Types – Example Parameters
- enable-group-icmp-echo-reply – false

From the MDS1-ESUA(Config># command line, input tolt system aaa trusted-hosts enable-group-icmp-echo-reply false, and press Enter.
From the MDS1-ESUA(Config># command line, input commit, and press Enter.
Outputs similar to the following are displayed:

MDS1-ESUA(Config)# tolt system aaa trusted-host  enable-group-icmp-echo-reply false <enter>
MDS1-ESUA(Config)# commit <enter>
Commit complete.
MDS1-ESUA(Config)# _

AAA Enable Trusted Host Example

Command Path – tolt>system>aaa>trusted-hosts>
Module – tolt
Container – system
Container – aaa
Container – trusted-hosts

Types – Example Parameters
- trusted-hosts – List of trusted host addresses Note: String values must be encased by brackets [ string ]
- Enable-trusted-host – true

From the MDS1-ESUA<Config># command line, input tolt system aaa trusted-hosts trusted-hosts [ 172.28.6.166 10.99.99.110 ], and press Enter.
From the MDS1-ESUA<Config># command line, input tolt system aaa trusted-hosts enable-trusted-host true, and press Enter.
Input commit, and press Enter. Outputs similar to the following are displayed:

MDS1-ESUA(<Config># tolt system aaa trusted-hosts trusted-hosts  [ 172.28.6.166 10.99.99.110 ] <enter>
MDS1-ESUA<Config># tolt system aaa trusted-hosts enable-trusted-host true, <enter>
MDS1-ESUA<Config># commit <enter>
Commit complete.
MDS1-ESUA<Config># _

AAA Configure ICMP Destination Unreachable Example

Command Path – tolt>system>aaa>trusted-host>
Module – tolt
Container – system
Container – aaa
Container – trusted-host

Types – Example Parameters
- enabled-icmp-destination-unreachable – true
- icmp-rate-limit – 2

From the MDS1-ESUA<Config># command line, input tolt system aaa trusted-hosts enabled-icmp-destination-unreachable true icmp-rate-limit 2, and press Enter.
Outputs similar to the following are displayed:

MDS1-ESUA<Config># tolt system aaa trusted-hosts enabled-icmp-destination-unreachable true 
icmp-rate-limit 2 <enter>
MDS1-ESUA<Config># commit <enter>
Commit complete.
MDS1-ESUA<Config># _