HOW TO BLOCK TELNET AT ONT FROM ZTE OLT

 

Nowadays, some unauthorized people can log in to a ZTE ONT over the telnet protocol.

It's really annoying sometimes. But don't worry, we can block the telnet protocol on the ONT from the OLT.

Here is a screenshot from before I executed the command:

[Screenshot: ONT-BLOCK]

Now it's time to configure our OLT, but first you need to know where that ONT is located.

For example, the ONT is located at slot 7, port 1, ONU ID 11.

OL01#conf t
OL01(config)#pon-onu-mng gpon-onu_1/7/1:11
OL01(gpon-onu-mng)#security-mng 211 state enable ingress-type lan mode discard protocol telnet

Okay, time to see the result :p

[Screenshot: ONT-BLOCK-2]

Now we can see that the telnet port is filtered / closed. I already tried to telnet but couldn't.

Besides that, there are cases where we want to log in to a user's ONT from an outside connection. We can enable that service from the OLT for the WAN connection.

Why do we need to activate this service? Sometimes, as network administrators, there is some part of the configuration we need to check or configure on the user's ONT, like a VoIP element, or maybe we want to set the SSID name remotely. It is easier to do that ourselves than to guide a user through logging in to the ONT via console :p.

Okay, let's configure this:

OL01(config)#pon-onu-mng gpon-onu_1/7/1:11
OL01(gpon-onu-mng)#security-mng 212 mode permit state enable ingress-type wan protocol web

We can confirm whether the command is active with:

OL01#show gpon remote-onu security-mng gpon-onu_1/7/1:11
Service control index:    211
State:                  enable
Control mode:           discard –> default is permit

Service list:           telnet
Ingress type:           LAN –> from Inside Connection

Start source IP:        0.0.0.0
End source IP:          0.0.0.0
Service control index:    212
State:                  enable
Control mode:           permit –> default is discard

Service list:           web
Ingress type:           WAN –> from Outside Connection

Start source IP:        0.0.0.0
End source IP:          0.0.0.0

Okay, now we can manage the ONT remotely via web from any IP host that can reach it from our network or PC.

After we have finished, we can delete the rule again for security reasons. Why? Because we don't want unauthorized people to be able to manage that ONT remotely via the WAN connection :p

OL01#conf t
OL01(config)#pon-onu-mng gpon-onu_1/7/1:11
OL01(gpon-onu-mng)#no security-mng 212
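
An added example, not part of the original post: a Python check that parses saved "show gpon remote-onu security-mng" output and flags enabled WAN permit rules that were left in place, plus a missing LAN telnet discard rule. The sample output is constructed in the format shown above, and reading a 0.0.0.0 to 0.0.0.0 source range as "any source" is an assumption based on the post's "from all ip-host" remark.

```python
import re

# Constructed sample in the format of the show output on this page.
SAMPLE = """\
Service control index:    211
State:                  enable
Control mode:           discard
Service list:           telnet
Ingress type:           LAN
Start source IP:        0.0.0.0
End source IP:          0.0.0.0
Service control index:    212
State:                  enable
Control mode:           permit
Service list:           web
Ingress type:           WAN
Start source IP:        0.0.0.0
End source IP:          0.0.0.0
"""

def parse_rules(text):
    """Split the output into one dict per 'Service control index' record."""
    rules = []
    for line in text.splitlines():
        # Only the first token of the value is kept, so trailing notes are dropped.
        m = re.match(r"\s*([A-Za-z ]+?):\s+(\S+)", line)
        if not m:
            continue  # blank lines and CLI prompts
        key, value = m.group(1).strip().lower(), m.group(2).lower()
        if key == "service control index":
            rules.append({"index": int(value)})
        elif rules:
            rules[-1][key] = value
    return rules

def audit(rules):
    """Report leftover WAN permit rules and a missing LAN telnet discard rule."""
    findings = []
    active = [r for r in rules if r.get("state") == "enable"]
    for r in active:
        if r.get("ingress type") == "wan" and r.get("control mode") == "permit":
            wide = r.get("start source ip") == r.get("end source ip") == "0.0.0.0"
            scope = "any source (assumed)" if wide else "limited source range"
            findings.append(f"rule {r['index']}: {r.get('service list')} "
                            f"permitted from WAN, {scope}; remove when done")
    if not any(r.get("service list") == "telnet" and r.get("ingress type") == "lan"
               and r.get("control mode") == "discard" for r in active):
        findings.append("no active LAN telnet discard rule")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(parse_rules(SAMPLE))))
```

Run it against output collected from each ONU after a remote session; an empty result means the telnet block is present and no WAN permit rule remains.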

Okay, I think that's all,

See you next time

and I hope this article helps you sometime
