Configuring Management Sources
Use this procedure to specify the IP addresses that are allowed to gain management access to the system.
This feature is supported starting with release 2.1.1.
If no management sources are configured, all management sources are allowed.
If a connection request arrives on the CMM management Ethernet port (eth1) or inband on the optical network, and if the request is destined for any of the protocol ports in the following list, the system validates the source IP address in the connection request with the list of allowed management sources. If the source IP address in the connection request is not in the allowed management source list, the connection is rejected.
SSH (port 22)
CLI (port 2024)
NETCONF (port 2022)
SNMP (port 161)
Management source verification does not take place if the connection request is destined for a protocol port not in the above list.
This command only governs new connection requests. Existing established management connections are not affected. Connection requests on the craft Ethernet port (eth0) are also not affected. Any source can connect to the craft Ethernet port.
- Enter system configuration mode.
bti7800# config Entering configuration mode terminal
bti7800(config)# system bti7800(config-system)#
- Add the list of management sources that you want to allow.
bti7800(config-system)# mgmt-sources 10.1.1.5/32 192.168.10.0/24
- Commit your changes.
- Verify your settings by displaying the new settings.
For example (partial output only):
bti7800(config-system)# do show system
Management Sources : 10.1.1.5/32, 192.168.10.0/24