This command configures the management sources (IP addresses) that are allowed to connect to the BTI7800 management interface.
The IP address or prefix of the management source allowed to connect.
Up to 16 IP addresses and/or prefixes can be specified.
decimal notation with subnet length (for example,
The default is to allow all management sources.
If one or more management sources are configured, a management device must be in this source list in order to connect to certain protocol ports on the BTI7800. If no management sources are configured, all management devices are allowed to connect.
If one or more management sources are configured, management source verification works as follows: If a connection request arrives on the CMM management Ethernet port (eth1) or inband on the optical network, and if the request is destined for any of the protocol ports in the following list, the system validates the source IP address in the connection request with the list of allowed management sources. If the source IP address in the connection request is not in the allowed management source list, the connection is rejected.
SSH (port 22)
CLI (port 2024)
NETCONF (port 2022)
SNMP (port 161)
Management source verification does not take place if the connection request is destined for a protocol port not in the above list.
This command only governs new connection requests. Existing established management connections are not affected. Connection requests on the craft Ethernet port (eth0) are also not affected. Any source can connect to the craft Ethernet port.
Required Privilege Level
bti7800(config)# system mgmt-sources 10.1.2.0/24 10.1.100.25/32