Trusted Hosts
Trusted host configuration is used to prevent unauthorized access to the OLT. The trusted host portion of aaa is configured as follows.
System AAA Trusted Host Attributes
| Attribute | Values | Default | Req | Description |
|---|---|---|---|---|
| Interface-name | String | N/A | Y | The interface name to apply the trusted host configuration to. |
| Enable-trusted-host | true \| false | false | N | Whether to enable trusted host. Enabling trusted host will block all access from any IP except for those explicitly listed in the configuration. |
| Trusted-hosts | List of strings | N/A | Y | The EMS must be a part of the list of trusted hosts or the OLT will become unmanageable by the EMS. IP addresses should be used rather than hostnames. |
| Enabled-icmp-destination-unreachable | true \| false | true | N | Whether to send back destination unreachable for unroutable packets. |
| Icmp-rate-limit | 0..1000 | 0 | N | Rate to limit destination unreachable packets to. Zero indicates that there is no rate limit. |
| Enable-group-icmp-echo-reply | true \| false | true | N | Whether to allow pings to the OLT. Default is ping is blocked. It is more secure not to reply to pings, which reveal a targetable IP. |
Note 1: * = required parameter
- Command Path – tolt>system>aaa>trusted-hosts>
- Module – tolt
- Container – system
- Container – aaa
- Container – trusted-hosts
- Types – Input Parameters
  - *Interface-name – The interface name to apply the trusted host configuration to.
    - String
  - Enable-trusted-host – Whether to enable trusted host. Enabling trusted host will block all access from any IP except for those explicitly listed in the configuration.
    - true | false (Default false)
  - *Trusted-hosts – The EMS must be a part of the list of trusted hosts or the OLT will become unmanageable
    - List of Strings
  - Enabled-icmp-destination-unreachable – Whether to send back destination unreachable for unroutable packets.
    - true | false (Default true)
  - Icmp-rate-limit – Rate to limit destination unreachable packets to. Zero indicates that there is no rate limit.
    - 0..1000 (Default 0)
  - Enable-group-icmp-echo-reply – Whether to allow pings to the OLT. Default is ping is blocked. It is more secure not to reply to pings, which reveal a targetable IP.
    - true | false (Default true)
AAA Enable Ping of the OLT Example
- Module – tolt
- Container – system
- Container – aaa
- Container – trusted-hosts
- Types – Example Parameters
  - enable-group-icmp-echo-reply – true
- From the MDS1-ESUA<Config># command line, input tolt system aaa trusted-hosts enable-group-icmp-echo-reply true, and press Enter.
- From the MDS1-ESUA<Config># command line, input commit, and press Enter.
- Outputs similar to the following are displayed:

```
MDS1-ESUA<Config># tolt system aaa trusted-hosts enable-group-icmp-echo-reply true <enter>
MDS1-ESUA<Config># commit <enter>
Commit complete.
MDS1-ESUA<Config># _
```
AAA Disable Ping of the OLT Example
- Module – tolt
- Container – system
- Container – aaa
- Container – trusted-hosts
- Types – Example Parameters
  - enable-group-icmp-echo-reply – false
- From the MDS1-ESUA(Config)# command line, input tolt system aaa trusted-hosts enable-group-icmp-echo-reply false, and press Enter.
- From the MDS1-ESUA(Config)# command line, input commit, and press Enter.
- Outputs similar to the following are displayed:

```
MDS1-ESUA(Config)# tolt system aaa trusted-hosts enable-group-icmp-echo-reply false <enter>
MDS1-ESUA(Config)# commit <enter>
Commit complete.
MDS1-ESUA(Config)# _
```
AAA Enable Trusted Host Example
- Module – tolt
- Container – system
- Container – aaa
- Container – trusted-hosts
- Types – Example Parameters
  - trusted-hosts – List of trusted host addresses
    - Note: String values must be enclosed in brackets [ string ]
  - Enable-trusted-host – true
- From the MDS1-ESUA<Config># command line, input tolt system aaa trusted-hosts trusted-hosts [ 172.28.6.166 10.99.99.110 ], and press Enter.
- From the MDS1-ESUA<Config># command line, input tolt system aaa trusted-hosts enable-trusted-host true, and press Enter.
- Input commit, and press Enter. Outputs similar to the following are displayed:

```
MDS1-ESUA<Config># tolt system aaa trusted-hosts trusted-hosts [ 172.28.6.166 10.99.99.110 ] <enter>
MDS1-ESUA<Config># tolt system aaa trusted-hosts enable-trusted-host true <enter>
MDS1-ESUA<Config># commit <enter>
Commit complete.
MDS1-ESUA<Config># _
```
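
A pre-commit check for the lockout risk described above, as an added example that is not part of the vendor documentation: it confirms that every entry is an IP address and that the EMS (and optionally the operator's own station) is in the list before producing the commands from this example. The function name, the choice of 172.28.6.166 as the EMS, and the single-address-only rule (the page does not say whether prefixes are accepted) are assumptions.

```python
import ipaddress


def preflight_trusted_hosts(trusted_hosts, ems_ip, operator_ip=None):
    """Return (errors, commands) for a planned trusted-hosts change.

    Hypothetical helper: commands are produced only when the list is safe
    to enable, i.e. it cannot cut off the EMS or the operator's session.
    """
    errors, parsed = [], []
    for entry in trusted_hosts:
        try:
            addr = ipaddress.ip_address(entry)
        except ValueError:
            # Hostnames depend on DNS; the page says to use IP addresses.
            errors.append(f"not an IP address: {entry}")
            continue
        if addr in parsed:
            errors.append(f"duplicate entry: {entry}")
        elif addr.is_unspecified or addr.is_loopback or addr.is_multicast:
            errors.append(f"not a usable host address: {entry}")
        else:
            parsed.append(addr)

    # Once enabled, every source not listed is blocked, so the management
    # endpoints must already be present in the list being committed.
    required = {"EMS": ems_ip}
    if operator_ip is not None:
        required["operator"] = operator_ip
    for role, ip in required.items():
        if ipaddress.ip_address(ip) not in parsed:
            errors.append(f"{role} {ip} is not in the list")

    if errors:
        return errors, []
    hosts = " ".join(str(a) for a in parsed)
    return [], [
        f"tolt system aaa trusted-hosts trusted-hosts [ {hosts} ]",
        "tolt system aaa trusted-hosts enable-trusted-host true",
        "commit",
    ]


if __name__ == "__main__":
    # Constructed input: the page's two addresses, EMS assumed to be the first.
    planned = ["172.28.6.166", "10.99.99.110"]
    errors, commands = preflight_trusted_hosts(planned, ems_ip="172.28.6.166")
    print("\n".join(errors or commands))
```
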
AAA Configure ICMP Destination Unreachable Example
- Module – tolt
- Container – system
- Container – aaa
- Container – trusted-hosts
- Types – Example Parameters
  - enabled-icmp-destination-unreachable – true
  - icmp-rate-limit – 2
- From the MDS1-ESUA<Config># command line, input tolt system aaa trusted-hosts enabled-icmp-destination-unreachable true icmp-rate-limit 2, and press Enter.
- Outputs similar to the following are displayed:

```
MDS1-ESUA<Config># tolt system aaa trusted-hosts enabled-icmp-destination-unreachable true icmp-rate-limit 2 <enter>
MDS1-ESUA<Config># commit <enter>
Commit complete.
MDS1-ESUA<Config># _
```