Nowaday, some unauthorized people can login into ZTE ont with telnet protocol.
it’s really annoying sometime. But don’t worry, we can block telnet protocol ONT from OLT.
Here a screenshot before i execute a command :
Now time to configure our olt. but you should know where location from that ont.
for example that ont locating to slot 7 port 1 onu id 11.
OL01#conf t
OL01(config)#pon-onu-mng gpon-onu_1/7/1:11
OL01(gpon-onu-mng)#security-mng 211 state enable ingress-type lan mode discard protocol telnet
Okay, Time to see a result :p
Now we can see that telnet port is filtered / closed . i already tried to telnet but didn’t.
beside that, if we have a case we want to login from ont user via outside connection. we can enable that service from OLT via wan connection.
why we need to activate this service. sometimes , as network administrator there is some part of configuration we need to check or configure in users ont . like VOIP element or maybe we want to set SSID name remotely. and because is more easy to do it than we guide a user to login ont via console :p.
Okay Let’s Go to configure this :
OL01(config)#pon-onu-mng gpon-onu_1/7/1:11
OL01(gpon-onu-mng)#security-mng 212 mode permit state enable ingress-type wan protocol web
and we can confirm that command is active or not with :
OL01#show gpon remote-onu security-mng gpon-onu_1/7/1:11
Service control index: 211
State: enable
Control mode: discard –> default is permitService list: telnet
Ingress type: LAN –> from Inside ConnectionStart source IP: 0.0.0.0
End source IP: 0.0.0.0
Service control index: 212
State: enable
Control mode: permit –> default is discardService list: web
Ingress type: WAN –> from Outside ConnectionStart source IP: 0.0.0.0
End source IP: 0.0.0.0
Okay , Now we can remote some ont via web from all ip-host where we can reach it from our network or PC.
After we finished , we can delete again for security reasons. why ? because we don’t want unauthorized people can remote that ont via wan connections :p
OL01#conf t
OL01(config)#pon-onu-mng gpon-onu_1/7/1:11
OL01(gpon-onu-mng)#no security-mng 212
Okay I think thats all ,
See You Next
and I hope this article help you sometime