Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Configuring Management Sources

 

Use this procedure to specify the IP addresses that are allowed to gain management access to the system.

Note

This feature is supported starting with release 2.1.1.

Note

If no management sources are configured, all management sources are allowed.

If a connection request arrives on the CMM management Ethernet port (eth1) or inband on the optical network, and if the request is destined for any of the protocol ports in the following list, the system validates the source IP address in the connection request with the list of allowed management sources. If the source IP address in the connection request is not in the allowed management source list, the connection is rejected.

  • SSH (port 22)

  • CLI (port 2024)

  • NETCONF (port 2022)

  • SNMP (port 161)

Note

Management source verification does not take place if the connection request is destined for a protocol port not in the above list.

This command only governs new connection requests. Existing established management connections are not affected. Connection requests on the craft Ethernet port (eth0) are also not affected. Any source can connect to the craft Ethernet port.

  1. Enter system configuration mode.

    For example:

    bti7800# config Entering configuration mode terminal
  2. Add the list of management sources that you want to allow.

    For example:

    bti7800(config-system)# mgmt-sources 10.1.1.5/32 192.168.10.0/24
  3. Commit your changes.
    bti7800(config-system)# commit
  4. Verify your settings by displaying the new settings.

    For example (partial output only):

    bti7800(config-system)# do show system
Release History Table
Release
Description
Use this procedure to specify the IP addresses that are allowed to gain management access to the system.