Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All
     

    Related Documentation

     

    system mgmt-sources

    Syntax

    [no] system mgmt-sources ip_address [ ip_address ]

    Description

    This command configures the management sources (IP addresses) that are allowed to connect to the BTI7800 management interface.

    Options

    Parameter

    Description

    Range

    Default Value

    ip_address

    The IP address or prefix of the management source allowed to connect.

    Up to 16 IP addresses and/or prefixes can be specified.

    Standard dotted decimal notation with subnet length (for example, 10.1.2.0/24).

    The default is to allow all management sources.

    Additional Information

    If one or more management sources are configured, a management device must be in this source list in order to connect to certain protocol ports on the BTI7800. If no management sources are configured, all management devices are allowed to connect.

    If one or more management sources are configured, management source verification works as follows: If a connection request arrives on the CMM management Ethernet port (eth1) or inband on the optical network, and if the request is destined for any of the protocol ports in the following list, the system validates the source IP address in the connection request with the list of allowed management sources. If the source IP address in the connection request is not in the allowed management source list, the connection is rejected.

    • SSH (port 22)
    • CLI (port 2024)
    • NETCONF (port 2022)
    • SNMP (port 161)

    Note: Management source verification does not take place if the connection request is destined for a protocol port not in the above list.

    This command only governs new connection requests. Existing established management connections are not affected. Connection requests on the craft Ethernet port (eth0) are also not affected. Any source can connect to the craft Ethernet port.

    Required Privilege Level

     

    Related Documentation

     

    Sample Output

    bti7800(config)# system mgmt-sources 10.1.2.0/24 10.1.100.25/32

    Modified: 2017-03-10