Got it
Huawei Enterprise Support Community
Community Forums Access Network
Protecting My Huawei OLT ...

Protecting My Huawei OLT Login

Created: Apr 17, 2020 13:02:15Latest reply: Apr 17, 2020 13:44:56 567 3 1 0 0
  HiCoins as reward: 0 (problem unresolved)
View the author 1#

Hi guys.
After working with Huawei OLT cli, I noticed that every IP I set on the box is available for ssh/telnet connection.
This is a big security issue.
Is it possible to chose IP/interface where ssh/telnet should listen? similar to the Linux daemon way.


btw
I'm already aware of ACL to protect access to OLT.
Any idea/feedback would be welcome,
Leandro.


OLT Series

Like (1) Dislike (0) Favorite(0) Share Report
Previous: DG8245W2 - Change DNS
Next: Cannot Access HG8145V Web Interface
Featured Answers

Recommended answer

(2) (0)
liqiang185
Admin Created Apr 17, 2020 13:11:22

Hello!

It's nice to meet you in the community. 


You can use this command: set  aclservicesrule  to turn off features you don’t need.

Function

This command is used to  configure the access control permissions for the optical network terminal  (device)


Format

set aclservicesrule [HTTPLanEnable value |HTTPWanEnable value |FTPLanEnable value |FTPWanEnable value |TELNETLanEnable value |TELNETWanEnable value |SSHLanEnablevalue |SSHWanEnablevalue |HTTPWifiEnablevalue |TELNETWifiEnablevalue]*


1

Example

To urn off the function  of accessing the device using HTTP on the LAN interface, do as follows:

WAP>set aclservicesrule HTTPLanEnable 0
success!
WAP>

Thank you!

View more
  • x
  • convention:
All Answers
(2) (0)
2#
liqiang185
liqiang185 Admin Created Apr 17, 2020 13:11:22

Hello!

It's nice to meet you in the community. 


You can use this command: set  aclservicesrule  to turn off features you don’t need.

Function

This command is used to  configure the access control permissions for the optical network terminal  (device)


Format

set aclservicesrule [HTTPLanEnable value |HTTPWanEnable value |FTPLanEnable value |FTPWanEnable value |TELNETLanEnable value |TELNETWanEnable value |SSHLanEnablevalue |SSHWanEnablevalue |HTTPWifiEnablevalue |TELNETWifiEnablevalue]*


1

Example

To urn off the function  of accessing the device using HTTP on the LAN interface, do as follows:

WAP>set aclservicesrule HTTPLanEnable 0
success!
WAP>

Thank you!

View more
  • x
  • convention:
(0) (0)
3#
Unicef
Unicef MVE Created Apr 17, 2020 13:44:56


You can log in to a device through its console port or mini USB port, or using Telnet, redirection, reverse Telnet, or STelnet to manage and maintain the device.

You can log in to a device through its console port or mini USB port, or using Telnet or STelnet. After successful login, you can run commands on the command line interface (CLI) to manage and configure the device. You can also log in to another device from the local device using Telnet, STelnet, redirection, or reverse Telnet.

https://support.huawei.com/enterprise/en/doc/EDOC1000174064/13c09f1/cli-login-configuration


Configuring Login Through a Console Port
You can connect a PC to the console port of a device and then log in to the device to perform basic configurations and management.
View more
  • x
  • convention:

leostereo
leostereo Created Apr 17, 2020 14:26:11 (0) (0)
Dear unicef, thanks for your resonse:
According to documentation you suggested:
I should use "telnet server permit interface" command but it is not available on olt cli.
I think next option for me is "telnet server acl" .. then define the propper acl.
Thanks !!!!  
Back to list

Comment

Advanced
B Color Image Link Quote Code Smilies
You need to log in to comment to the post Login | Register
Comment

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " User Agreement."

My Followers

Login and enjoy all the member benefits

Login
Huawei Website Support About Huawei Privacy User Agreement Terms of Use Cookies Cookie Settings
Huawei Enterprise Huawei Carrier Forum Training & Certification

Contact Us: e_online@huawei.com Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved.

APP

Block
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Reminder
Please bind your phone number to obtain invitation bonus.