User Administration and Security
User Accounts
There are three types of user accounts:
Factory Default Users
Two default local user accounts are shipped with the Tellabs 1100 Series Optical LAN OLT (NE). They are used when logging on to the craft interface via a direct serial port connection to the OLT (NE):
- admin - This user ID is used for initial NE Turnup activities and provides administrator access to all craft interface functions. The default password is tellabs. At the first logon with the admin user account, the system forces the user to change the default password (i.e., from tellabs) to a new password value (see Connecting to the ESU Serial Port).
- craft - This user ID provides read-only diagnostic access to the craft interface. The default password is adsl2+. This account cannot be deleted, and the default password cannot be changed. This account can be disabled by the system. To disable the account, see the "Security Manager" section in the Panorama PON Common Services User’s Guide. The purpose of this user is to allow setting the database back to factory defaults when no user logins are known. This account is only able to reset the database when all cards have been removed except a single ESU and all lasers are removed from the ESU and then the system is rebooted. This can only be done via a local serial account and cannot be performed remotely.
Local Users
The Optical LAN Terminal (OLT) supports a user account database that can store up to 15 local user accounts. This feature is provided to allow craft interface access if connectivity to Panorama PON EMS is lost. Local user accounts have the same security policies as the rest of the system and have the following characteristics:
- Local user accounts are authenticated at the OLT and can be authenticated with or without network connectivity.
- Local user accounts are limited to one OLT and must be maintained on a per-OLT basis.
- A Security Admin user can manage local user account security policies via Panorama PON EMS (see the "Local Craft User Account Management" section in the Tellabs 1100 Series Optical LAN Managing the PON Users Guide) or locally at the OLT (see adduser and deluser).
- A local user can manage his or her personal password in the local OLT database. The password remains local to one NE and is managed on a per-OLT basis (see passwd) via the CLI.
- Admin users can reset a user password in the local OLT database. The password remains local to that OLT and is managed on a per-OLT basis (see resetpasswd).
Remote Users
Remote user accounts are validated using RADIUS, a networking protocol that provides centralized authentication, authorization, and accounting management for computers that connect to and use a network service (see the "Remote Authentication Dial-In Services (RADIUS) Profiles" section in the Tellabs 1100 Series Optical LAN Managing the PON Users Guide). When a user logs into the OLT, the OLT attempts to authenticate the user in the local (OLT) database first. If the user cannot be authenticated in the local database, the OLT attempts to authenticate using RADIUS. If the system cannot authenticate the user in the OLT or by RADIUS, logon is not permitted.
Remote user accounts have characteristics similar to local craft user accounts.
When a craft user attempts to log on, the following process occurs:

- The OLT (NE) first attempts to authenticate the craft user in the local OLT (NE) database.
- If the user cannot be authenticated and a RADIUS server is configured, the OLT (NE) attempts to authenticate the user in the RADIUS server database.
- If the user cannot be authenticated, a rejection message is issued, and the user is denied access.
Tellabs Series Optical LAN OLTs communicate directly with the RADIUS server for craft user authentication. The local user account and RADIUS configuration for the OLT are managed by Panorama PON via the OLT User Administration function or by a Security Admin level user accessing the OLT (NE) through the craft user interface. For details on user administration, see adduser or "OLT User Administration" in the Tellabs 1100 Series Optical LAN Managing the PON User’s Guide.
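The logon order described above has an audit consequence: because the local database is tried first, a local account keeps working on its OLT even after the same user is disabled in RADIUS. The following model and audit check is an added example, not Tellabs code; the data layout, function names, and sample accounts are constructed assumptions.

```python
import hmac
from dataclasses import dataclass

@dataclass
class Olt:
    name: str
    local_users: dict            # username -> password (constructed model, not the NE format)
    radius_configured: bool = True

def _match(stored, supplied):
    # Constant-time comparison of two credential strings.
    return hmac.compare_digest(stored.encode(), supplied.encode())

def authenticate(olt, radius_db, user, password):
    """Return 'local', 'radius' or 'rejected', following the documented order."""
    # Step 1: the local OLT database is always tried first.
    stored = olt.local_users.get(user)
    if stored is not None and _match(stored, password):
        return "local"
    # Step 2: RADIUS is consulted only if local authentication failed
    # and a RADIUS server is configured.
    entry = radius_db.get(user) if olt.radius_configured else None
    if entry and entry["enabled"] and _match(entry["password"], password):
        return "radius"
    # Step 3: neither source authenticated the user.
    return "rejected"

def audit_local_accounts(olt, radius_db):
    """Flag local accounts that central deprovisioning would not revoke."""
    findings = []
    for user in olt.local_users:
        entry = radius_db.get(user)
        if entry is None:
            findings.append((olt.name, user, "local-only"))
        elif not entry["enabled"]:
            findings.append((olt.name, user, "disabled-in-radius"))
    return findings

# Constructed sample inventory: one OLT and one RADIUS directory.
OLT = Olt("olt-lab-1", {"alice": "local-pw-1", "bob": "local-pw-2"})
RADIUS = {
    "alice": {"password": "radius-pw-1", "enabled": False},
    "carol": {"password": "radius-pw-3", "enabled": True},
}

if __name__ == "__main__":
    print(authenticate(OLT, RADIUS, "alice", "local-pw-1"))
    for finding in audit_local_accounts(OLT, RADIUS):
        print(finding)
```

Since local accounts are maintained per OLT, a check like this has to be run against each OLT's local user list separately.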
Viewing Craft User Account Information
At the OLT, any craft user can view the information for his or her account, such as the last login, current access level, and days remaining until password expiration. An Admin or Security Admin user can view information for all local user accounts, as well as the read-only craft/adsl2+ and the admin-level admin/tellabs static accounts.
The following Administration topics are covered in this section: