Protecting My Huawei OLT Login

Created: Apr 17, 2020 13:02:15 | Latest reply: Apr 17, 2020 13:44:56

Hi guys.
After working with the Huawei OLT CLI, I noticed that every IP I set on the box is available for ssh/telnet connection.
This is a big security issue.
Is it possible to choose the IP/interface where ssh/telnet should listen, similar to the Linux daemon way?


btw
I'm already aware of ACL to protect access to OLT.
Any idea/feedback would be welcome,
Leandro.


Featured Answers

Recommended answer

liqiang185
Admin Created Apr 17, 2020 13:11:22

Hello!

It's nice to meet you in the community. 


You can use this command: set aclservicesrule to turn off features you don’t need.

Function

This command is used to configure the access control permissions for the optical network terminal (device).


Format

set aclservicesrule [HTTPLanEnable value | HTTPWanEnable value | FTPLanEnable value | FTPWanEnable value | TELNETLanEnable value | TELNETWanEnable value | SSHLanEnable value | SSHWanEnable value | HTTPWifiEnable value | TELNETWifiEnable value]*


Example

To turn off the function of accessing the device using HTTP on the LAN interface, do as follows:

WAP>set aclservicesrule HTTPLanEnable 0
success!
WAP>

Thank you!


All Answers

You can log in to a device through its console port or mini USB port, or using Telnet, redirection, reverse Telnet, or STelnet to manage and maintain the device.

You can log in to a device through its console port or mini USB port, or using Telnet or STelnet. After successful login, you can run commands on the command line interface (CLI) to manage and configure the device. You can also log in to another device from the local device using Telnet, STelnet, redirection, or reverse Telnet.

https://support.huawei.com/enterprise/en/doc/EDOC1000174064/13c09f1/cli-login-configuration


Configuring Login Through a Console Port
You can connect a PC to the console port of a device and then log in to the device to perform basic configurations and management.

leostereo Created Apr 17, 2020 14:26:11
Dear unicef, thanks for your response:
According to the documentation you suggested,
I should use the "telnet server permit interface" command, but it is not available on the OLT CLI.
I think the next option for me is "telnet server acl" .. then define the proper ACL.
Thanks !!!!  
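
A way to check the result once an ACL like the one discussed in this thread is in place (added example, not from the thread or from Huawei documentation): it tests every address configured on the box for SSH and Telnet from the host it runs on and reports any address whose state differs from the intended policy. The addresses and the policy are constructed placeholders from the documentation ranges.

```python
import socket

# Management services the thread is concerned with.
MGMT_PORTS = {"ssh": 22, "telnet": 23}


def port_open(host, port, timeout=2.0):
    """True if a TCP connection to host:port completes from this host."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        # Refused, filtered (timeout) or unreachable all count as closed.
        return False


def audit(addresses, allowed, probe=port_open, ports=MGMT_PORTS):
    """Compare observed reachability with the intended policy.

    addresses: every IP configured on the device
    allowed:   set of (ip, service) pairs that SHOULD answer from this host
    Returns a list of (ip, service, observed, expected) mismatches.
    """
    findings = []
    for ip in addresses:
        for service, port in ports.items():
            observed = probe(ip, port)
            expected = (ip, service) in allowed
            if observed != expected:
                findings.append((ip, service,
                                 "open" if observed else "closed",
                                 "open" if expected else "closed"))
    return findings


if __name__ == "__main__":
    # Constructed sample values: replace with the device's own addresses.
    olt_ips = ["192.0.2.1", "198.51.100.1", "203.0.113.1"]
    policy = {("192.0.2.1", "ssh")}  # only SSH on the management IP
    for ip, svc, got, want in audit(olt_ips, policy):
        print(f"MISMATCH {ip} {svc}: observed {got}, expected {want}")
```

The result only describes the network segment the script runs from, so run it once from the management network and once from a subscriber-facing segment, with a policy set for each.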
