This section describes the procedures for configuring OLT and ONT functionality. As an example, a PON part is configured for an OLT LTX-8 and two ONTs NTX-1, NTX-SFP-100 to implement this diagram. In this example, both subscriber terminals are physically connected to the same PON tree on the OLT PON-port 1 interface. It is necessary to configure service that offer subscriber services on uplink interfaces for connection with the upstream network, as well as on downlink PON interfaces of OLT and LAN interfaces of ONT for delivering services to end customers.
Two segments will be reviewed: connecting one subscriber with home router via ONT and connecting an access switch with multiple subscribers via NTX-SFP. The configuration of the third segment according to the diagram, which uses ONT NTX-1F with ethernet SFP connectivity, won't be reviewed, as this ONT model can be configured similarly to NTX-1 or NTX-SPF-100. |
Initial configuration of OLT in terms of control settings for network connection can be done through the OOB interface or through the console interface. For more details on configuring the management parameters, refer to the OLT user documentation. Below is the example of configuring OLT management parameters for the given diagram:
LTX-8# configure terminal #switching to OLT configuration mode
LTX-8(configure)# management ip 10.10.0.4 #specifying IP address of the OLT in the management network
LTX-8(configure)# management mask 255.255.0.0 #specifying the management subnet mask
LTX-8(configure)# management gateway 10.10.0.1 #specifying the default route
LTX-8(configure)# management vid 100 #specifying VLAN for managing OLT
LTX-8(configure)# interface front-port 1
LTX-8(config)(if-front-1)# vlan allow 100 #configuring VLAN management on the OLT uplink interface
LTX-8(configure)# do commit #applying the configuration
LTX-8(configure)# do save #saving the configuration to non-volatile memory |
NTX-1 configuration details:
- configuration identifier — interface ont 1/1;
- both services (Internet + IPTV) are provided at the uplink port of the access switch in untagged mode;
- both LAN interfaces are configured in case a subscriber needs to use multiple LAN ports of an ONT;
- given the of the services, only one cross-connect service profile is configured for both services.
NTX-SFP-100 configuration details:
- configuration identifier — interface ont 1/2;
- both services (Internet + IPTV) are provided at the LAN port egress in tagged mode;
- the device has a single internal ethernet interface to connect to the switch port, to which NTX-SFP connects. For OLT this interface has a LAN 1 identifier, so only one LAN port will be configured for the NTX-SFP;
- each service is assigned its own cross-connect profile;
- to manage the switch to which NTX-SFP (or NTX-1F) is connected, a separate service with a configured provider data network management VLAN is used.
For a graphical representation of the configured diagram with labeled parts, see the Configuring and health checking the equipment (XGS-PON diagram) section.
Configuration procedure
- Verify that the OLT pon-port to which the ONTs will be connected is configured for XGS-PON operation and an XGS-PON-compatible SFP transceiver is connected. If the value of pon-type matches gpon, xgs-pon value must be set.
LTX-8# show interface pon-port 1 state #viewing the PON SFP-transceiver status and interface operation mode
LTX-8# configure terminal #switching to OLT configuration mode
LTX-8(configure)# interface pon-port 1 #switching to PON channel 1 configuration mode
LTX-8(config)(if-pon-1)# pon-type xgs-pon #specifying the PON port operation mode
LTX-8(config)(if-pon-1)# do commit #applying the configuration
LTX-8(config)(if-pon-1)# do save #saving the configuration to non-volatile memory |
Changing the pon-type will cause reconfiguration of the OLT chip and a brief interruption in service provisioning for all ONTs connected to the OLT. |
- Form cross-connect and ports service profiles for ONT.
LTX-8# configure terminal #switching to OLT configuration mode
LTX-8(configure)# profile cross-connect HSI_NTX1 #switching to Internet service profile configuration mode for NTX-1
LTX-8(config)(profile-cross-connect-HSI_NTX1)# ont-mode bridge #setting the ONT operation mode as bridge
LTX-8(config)(profile-cross-connect-HSI_NTX1)# bridge group 20 #specifying the bridge group number (it can be any number that matches the one in profile ports)
LTX-8(config)(profile-cross-connect-HSI_NTX1)# outer vid 2149 #specifying service VLAN ID of the Internet service
LTX-8(config)(profile-cross-connect-HSI_NTX1)# user vid untagged #specifying the VLAN ID on the LAN ONT output
LTX-8(config)(profile-cross-connect-HSI_NTX1)# multicast enable #enabling multicast transmission
LTX-8(config)(profile-cross-connect-HSI_NTX1)# exit
LTX-8(configure)# profile cross-connect HSI_NTX-SFP #switching to Internet service profile configuration mode for NTX-SFP
LTX-8(config)(profile-cross-connect-HSI_NTX-SFP)# ont-mode bridge #setting the ONT operation mode as bridge
LTX-8(config)(profile-cross-connect-HSI_NTX-SFP)# bridge group 30 #specifying the bridge group number (it can be any number that matches the one in profile ports)
LTX-8(config)(profile-cross-connect-HSI_NTX-SFP)# outer vid 2149 #specifying service VLAN ID of the Internet service
LTX-8(config)(profile-cross-connect-HSI_NTX-SFP)# user vid 2149 #specifying the VLAN ID on the LAN ONT output
LTX-8(config)(profile-cross-connect-HSI_NTX-SFP)# exit
LTX-8(configure)# profile cross-connect IPTV_NTX-SFP #switching to IPTV service profile configuration mode for NTX-SFP
LTX-8(config)(profile-cross-connect-IPTV_NTX-SFP)# ont-mode bridge
LTX-8(config)(profile-cross-connect-IPTV_NTX-SFP)# bridge group 30
LTX-8(config)(profile-cross-connect-IPTV_NTX-SFP)# outer vid 30
LTX-8(config)(profile-cross-connect-IPTV_NTX-SFP)# user vid 30
LTX-8(config)(profile-cross-connect-IPTV_NTX-SFP)# multicast enable
LTX-8(config)(profile-cross-connect-IPTV_NTX-SFP)# exit
LTX-8(configure)# profile cross-connect MGMT_NTX-SFP #switch to profile configuration mode for the management VLAN of the switch behind the NTX-SFP
LTX-8(config)(profile-cross-connect-MGMT_NTX-SFP)# ont-mode bridge
LTX-8(config)(profile-cross-connect-MGMT_NTX-SFP)# bridge group 30
LTX-8(config)(profile-cross-connect-MGMT_NTX-SFP)# outer vid 100
LTX-8(config)(profile-cross-connect-MGMT_NTX-SFP)# user vid 100
LTX-8(config)(profile-cross-connect-MGMT_NTX-SFP)# exit
LTX-8(configure)# profile ports NTX1
LTX-8(config)(profile-ports-NTX1)# igmp multicast dynamic-entry 1 vid 30 group 224.0.0.1 239.255.255.254 #specifying the allowed range of multicast groups
LTX-8(config)(profile-ports-NTX1)# port 1 multicast enable #enabling multicast processing on ONT
LTX-8(config)(profile-ports-NTX1)# port 1 bridge group 20 #specifying the bridge group number (number should match the one in cross-connect)
LTX-8(config)(profile-ports-NTX1)# port 1 igmp downstream tag-control remove-tag #VLAN tag removal rule for downstream multicast
LTX-8(config)(profile-ports-NTX1)# port 1 igmp downstream vid 30 #VLAN ID of the downstream multicast traffic
LTX-8(config)(profile-ports-NTX1)# port 1 igmp upstream tag-control add-tag #VLAN tag addition rule for upstream multicast
LTX-8(config)(profile-ports-NTX1)# port 1 igmp upstream vid 2149 #VLAN ID of the upstream multicast traffic
LTX-8(config)(profile-ports-NTX1)# port 2 multicast enable #same configuration for LAN port 2
LTX-8(config)(profile-ports-NTX1)# port 2 bridge group 20
LTX-8(config)(profile-ports-NTX1)# port 2 igmp downstream tag-control remove-tag
LTX-8(config)(profile-ports-NTX1)# port 2 igmp downstream vid 30
LTX-8(config)(profile-ports-NTX1)# port 2 igmp upstream tag-control add-tag
LTX-8(config)(profile-ports-NTX1)# port 2 igmp upstream vid 2149
LTX-8(config)(profile-ports-NTX1)# exit
LTX-8(configure)# profile ports NTX-SFP
LTX-8(config)(profile-ports-NTX-SFP)# igmp multicast dynamic-entry 1 vid 30 group 224.0.0.1 239.255.255.254 #specifying the allowed range of multicast groups
LTX-8(config)(profile-ports-NTX-SFP)# port 1 multicast enable #enabling multicast processing on ONT
LTX-8(config)(profile-ports-NTX-SFP)# port 1 bridge group 20 #specifying the bridge group number (number should match the one in cross-connect)
LTX-8(config)(profile-ports-NTX-SFP)# port 1 igmp downstream tag-control pass #VLAN tag removal rule for the downstream multicast stream
LTX-8(config)(profile-ports-NTX-SFP)# port 1 igmp downstream vid 30 #VLAN ID of the downstream multicast traffic
LTX-8(config)(profile-ports-NTX-SFP)# port 1 igmp upstream tag-control pass #VLAN tag addition rule for upstream multicast stream
LTX-8(config)(profile-ports-NTX-SFP)# port 1 igmp upstream vid 30 #VLAN ID of the upstream multicast traffic
LTX-8(config)(profile-ports-NTX-SFP)# exit
LTX-8(config)# do commit #applying the configuration
LTX-8(config)# do save #saving the configuration to non-volatile memory |
- Configuring service VLAN on an OLT uplink interface, enabling IGMP snooping and proxy report.
LTX-8(configure)# vlan 30 #switching to VLAN 30 editing mode of the internal OLT switch
LTX-8(config)(vlan-30)# name IPTV #specifying the name of the VLAN
LTX-8(config)(vlan-30)# exit
LTX-8(configure)# vlan 2149 #switching to VLAN 2149 editing mode of the internal OLT switch
LTX-8(config)(vlan-2149)# name Internet #specifying the name of the VLAN
LTX-8(config)(vlan-2149)# exit
LTX-8(configure)# interface front-port 1 #switching to the uplink interface editing mode of front-port 1
LTX-8(config)(if-front-1)# vlan allow 30,2149 #adding VLAN to an uplink interface in the tagged (general) mode
LTX-8(config)(if-front-1)# do commit
LTX-8(config)(if-front-1)# exit
LTX-8(configure)# ip igmp snooping enable #enabling igmp snooping
LTX-8(configure)# ip igmp proxy report enable #enabling proxxying of the client igmp report requests
LTX-8(configure)# ip igmp proxy report range 224.0.0.1 239.255.255.254 from 2149 to 30 #enabling report requests of specified groups to be redirected from VLAN 2149 to VLAN 30
LTX-8(configure)# do commit
LTX-8(configure)# do save
LTX-8(configure)# exit |
- Registering ONT at OLT and assigning configuration to ONT.
LTX-8# show interface ont 1 connected #displaying the list of connected ONTs and their PON-serial (ONTs must be connected to OLT at the moment of entering the command)
LTX-8# configure terminal #switching to OLT configuration mode
LTX-8(configure)# interface ont 1/1 #switching to ont 1/1 configuration mode (channel number / id ont on the channel)
LTX-8(config)(if-ont-1/1)# serial ELTX6F0000EE #specifying pon-serial of an ONT (can be copied from the connected list)
LTX-8(config)(if-ont-1/1)# service 1 profile cross-connect HSI_NTX1 dba dba1 #assigning cross-connect internet+iptv profile to ONT
LTX-8(config)(if-ont-1/1)# profile ports NTX1 #assigning ports profile to ONT
LTX-8(config)(if-ont-1/1)# exit
LTX-8(configure)# interface ont 1/2 #switching to the ont 1/2 editing mode
LTX-8(config)(if-ont-1/2)# serial ELTXA50000F8 #specifying pon-serial of an ONT
LTX-8(config)(if-ont-1/2)# service 1 profile cross-connect HSI_NTX-SFP dba dba1 #assigning cross-connect internet profile to ONT
LTX-8(config)(if-ont-1/2)# service 2 profile cross-connect IPTV_NTX-SFP dba dba1 #assigning cross-connect profile of management VLAN to ONT
LTX-8(config)(if-ont-1/2)# service 3 profile cross-connect MGMT_NTX-SFP dba dba1 #assigning management VLAN profile to ONT
LTX-8(config)(if-ont-1/1)# profile ports NTX-SFP #assigning ports profile to ONT
LTX-8(config)(if-ont-1/1)# exit
LTX-8(configure)# do commit
LTX-8(configure)# do save |
When configuring service 1, the default bandwidth allocation (dba) profile dba1 is assigned to an ONT. This profile can be used for all ONT services. For more details on configuring dba profiles, refer to tOLT User Manual |
Verification of PON services operation
Examine the actions that can be performed to verify the operation of services, using ONT NTX-1 as an example.
- ONT status. The ONT status should be “OK” if an ONT is operating correctly.
LTX-8# show interface ont 1/1 state
-----------------------------------
[ONT 1/1] state
-----------------------------------
Serial number: ELTX6F0000EE
Pon-password:
Pon-port: 1
ONT ID: 1
Equipment ID: NTX-1
Hardware version: 4v0
Software version: 1.2.0.90
Equalization delay: 2074445
FEC state: Enable
Alloc IDs: 1791
State: OK
ONT distance: 0.178 [km]
RSSI: -12.72 [dBm] |
- Check the status of the MAC table for the given ONT on an OLT chip. During normal operation, there should be an entry with a MAC address of a client device connected behind the NTX-1 in the ONT's MAC table output. The entry must be learned in the Internet service VLAN.
LTX-8# show mac interface ont 1/1
Loading MAC table...
MAC port svid cvid uvid ONT gem type
------------------- ----------------- ------ ------ ------ ------ ------- ---------
EC:B1:E0:15:72:A6 pon-port 1 2149 1/1 1024 Dynamic
1 MAC entries |
- the status of the LAN ports. Port 1 should be in the "up" state when operating correctly. If down, check the physical connection between NTX-1 and the client equipment.
LTX-8# show interface ont 1/1 ports
-----------------------------------
[ONT 1/1] ports state
-----------------------------------
UNI ## 1 2
Link: up down
Speed: 1G n/a
Duplex: full n/a |
- To verify IPTV operation, the list of IGMP groups learned on the LTX can be checked. If the IGMP report sent by the client is received by the LTX, the requested group will be displayed in the list. When a client is viewing a channel, its counter should be updated every 125 seconds.
LTX-8# show ip igmp snooping groups vlan 30
VLAN 30: groups count – 1
1: 225.54.205.129
Filter mode EXCLUDE
Member pon-port 1, expires 00:04:10
Filter mode EXCLUDE
Group expires 00:04:10 |
- the list of trained multicast groups on the NTX-1 side.
LTX-8# show interface ont 1/1 counters ont-side multicast-subscriber-monitor
-----------------------------------
[ONT 1/1] counters
-----------------------------------
## Counters for ports: 1 2
--- ---------------------------- ---------- ----------
1 Current multicast bandwidth 0 0
2 Join messages counter 5 0
3 Bandwidth exceeded counter 0 0
4 Number of active groups 1 0
Port 1:
Group 1:
Client IP address: 192.168.101.97
Destination IP address: 225.54.205.129
Source IP address: 0.0.0.0
Recent join time: 3122
VLAN ID: 30
Actual bandwidth: 0 |
Additional OLT features (optional settings)
PPPoE Snooping / PPPoE Intermediate Agent
The PPPoE Snooping feature makes it possible to monitor user PPPoE sessions from the ONT. Also, enabling PPPoE Snooping is necessary for PPPoE Intermediate Agent feature, which allows modifying user PPPoE requests by adding additional vendor specific tags to them. For a complete list of possible parameters (tokens) that can be added, please refer to thOLT User Manual.
LTX-8# configure terminal #switching to OLT configuration mode
LTX-8(configure)# ip pppoe #switching to the PPPoE unit configuration mode
LTX-8(config)(pppoe)# snooping enable #enabling snooping
LTX-8(config)(pppoe)# exit
LTX-8(configure)# profile pppoe-ia test #switching to the mode of creating and editing a pppoe-ia profile with the name “test”
LTX-8(config)(profile-pppoe-ia-test)# circuit-id format %PONSERIAL%/%ONTID% #specifying the format of the circuit-id tag
LTX-8(config)(profile-pppoe-ia-test)# remote-id format %GEMID% #specifying the format of the remote-id tag
LTX-8(config)(profile-pppoe-ia-test)# exit
LTX-8(configure)# ip pppoe #switching to the PPPoE unit configuration mode
LTX-8(config)(pppoe)# pppoe-ia profile test #assigning the created PPPoe IA "test" profile to the OLT
LTX-8(config)(pppoe)# do commit
LTX-8(config)(pppoe)# do save |
DHCP Snooping / DHCP option 82
The DHCP Snooping functionality allows monitoring of user DHCP sessions from the ONT. Also enabling DHCP Snooping is necessary for the operation of the DHCP option 82 substitution functionality, which allows you to modify user DHCP requests by adding additional vendor specific tags to DHCP packets. For a complete list of possible parameters (tokens) that can be added, please refer to the OLT User Manual.
LTX-8# configure terminal #switching to OLT configuration mode
LTX-8(configure)# ip dhcp #switching to the DHCP unit configuration mode
LTX-8(config)(dhcp)# snooping enable #enabling snooping
LTX-8(config)(dhcp)# exit
LTX-8(configure)# profile dhcp-opt82 test #switching to the mode of creating and editing a dhcp-opt-82 profile with the name “test”
LTX-8(config)(profile-dhcp-opt82-test)# overwrite-opt82 enable
LTX-8(config)(profile-dhcp-opt82-test)# circuit-id format %PONSERIAL%/%ONTID% #specifying the format of a circuit-id tag
LTX-8(config)(profile-dhcp-opt82-test)# remote-id format %OPT82_RID% #specifying the format of a remote-id tag
LTX-8(config)(profile-dhcp-opt82-test)# exit
LTX-8(configure)# ip dhcp
#The created profile can be applied globally on the OLT for all ONTs and for all service VLANs:
LTX-8(config)(dhcp)# opt82 profile test
#Alternatively, the profile can be applied globally to all ONTs but for a specific VLAN:
LTX-8(config)(dhcp)# opt82 profile test vid 100
#It is also possible to apply the profile selectively to ONTs:
LTX-8(config)(dhcp)# exit
LTX-8(configure)# interface ont 1/1
LTX-8(config)(if-ont-1/1)# service 1 custom dhcp-opt82-profile service_1
LTX-8(config)(if-ont-1/1)# exit
LTX-8(configure)# exit
LTX-8# commit
LTX-8# save |
AAA
The AAA mechanism allows centralized management of the provider's personnel users in the management network, setting access rights to equipment for them and accounting of user actions on network nodes. RADIUS and TACACS+ protocols are supported for AAA operation. Let's take a look at the example of TACACS+ configuration.
LTX-8# configure terminal #switching to OLT configuration mode
LTX-8(configure)# aaa #switching to AAA parameters configuration mode
LTX-8(config)(aaa)# authentication tacacs+ #specifying the TACACS+ authorization method
LTX-8(config)(aaa)# authorization tacacs+ privilege #enabling user privileges acquisition via TACACS+
LTX-8(config)(aaa)# enable #enabling AAA
LTX-8(config)(aaa)# tacacs-server host 192.168.1.1 key 1234567-r0 #specifying TACACS server 1 and its authorization key
LTX-8(config)(aaa)# tacacs-server host 192.168.1.2 key 1234567-r1 #specifying TACACS server 2 and its authorization key (optional)
LTX-8(config)(aaa)# tacacs-server host 192.168.1.3 key 1234567-r2 #specifying TACACS server 3 and its authorization key (optional)
LTX-8(config)(aaa)# tacacs-server timeout 3 #optional specification of AAA server response timeout
LTX-8(config)(aaa)# tacacs-server host 192.168.1.2 port 444 #optional specification of TACACS+ server port, if it is different from the default one
LTX-8(config)(aaa)# do commit
LTX-8(config)(aaa)# do save |
After configuring TACACS+ or RADIUS authorization and authentication method, authorization of users from the local OLT user base will be possible only if an AAA server is unavailable. |
DHCP relay
The DHCP relay feature is a DHCP packets relay from a client network to a DHCP server via a routed network. Two configuration variants are possible. The first variant is used when DHCP server is on the same VLAN as OLT management. The second variant is used when DHCP server and OLT management are on different VLANs. In the second configuration option, broadcast DHCP requests from a client VLAN will be forwarded to an OLT management VLAN or a separate VLAN (depending on the configuration) and sent upstream to the network as unicast traffic. In examples below, management VLAN is 100, service VLAN for the user service is 2149 and the VLAN via which the DHCP server can be accessed (for one of the layout options) is VLAN 200.
#Configuration part that is similar for both variants:
LTX-8# configure terminal #switching to OLT configuration mode
LTX-8(configure)# ip dhcp #switching to the DHCP unit configuration mode
LTX-8(config)(dhcp)# snooping enable #enabling snooping globally
LTX-8(config)(dhcp)# snooping enable vlan 100, 200, 2149 #if necessary, instead of global activation, snooping can be enabled only for the VLANs in which relay will operate
LTX-8(config)(dhcp)# relay enable #enabling DHCP relay
#Variant 1 — DHCP server is on the same VLAN as OLT management. Specify the server address and client VLAN from which to redirect. Multiple servers can be specified, in which case redirection will be performed to all specified servers simultaneously, but a DHCP session will only be established with the first server that responds. In this case, the redirection will be performed via the management gateway.
LTX-8(config)(dhcp)# relay server-ip 172.16.20.5 vid 2149
LTX-8(config)(dhcp)# relay server-ip 172.16.20.200 vid 2149
LTX-8(config)(dhcp)# do commit
LTX-8(config)(dhcp)# do save
#Variant 2 – The DHCP server VLAN and management VLAN are different VLANs.
LTX-8(config)(dhcp)# relay server-ip 172.16.20.5 vid 2149 #specify DHCP server addresses
LTX-8(config)(dhcp)# relay server-ip 172.16.20.200 vid 2149 #specify DHCP server addresses
LTX-8(config)(dhcp)# exit
LTX-8(configure)# vlan 200
LTX-8(config)(vlan-200)# ip interface address 192.168.150.2 mask 255.255.255.0 #configure address for the interface from which to access the DHCP server
LTX-8(config)(vlan-200)# exit
LTX-8(configure)# ip route address 172.16.20.0 mask 255.255.255.0 gateway 192.168.150.1 name dhcp_server #configure a route to the server
LTX-8(configure)# do commit
LTX-8(configure)# do save |
SNMP
SNMP agent feature is enabled by default. Additional settings are given below.
To work with EMS, it is necessary to configure sending traps to the EMS server address. |
LTX-8# configure terminal #switching to OLT configuration mode
LTX-8(configure)# ip snmp user "rwuser" auth-password "rwpassword" enc-password "rwencrpass" access rw #adding a user with read/write privileges
LTX-8(configure)# ip snmp user "rouser" auth-password "ropassword" enc-password "roencrpass" access ro #adding a user with read-only privileges
LTX-8(configure)# ip snmp traps 192.168.1.11 type v2 #configuring the version of SNMP traps to be sent
LTX-8(configure)# ip snmp traps 192.168.1.12 type informs #configuring the type of SNMP traps to be sent
LTX-8(configure)# do commit
LTX-8(configure)# do save
SNMP agent can be disabled, if necessary.
LTX-8# configure terminal
LTX-8(configure)# no ip snmp enable
LTX-8(configure)# do commit
LTX-8(configure)# do save |
Telnet
By default, telnet access is enabled without restrictions. If you want to disable telnet access, use the commands below.
LTX-8# configure terminal
LTX-8(configure)# no ip telnet enable
LTX-8(configure)# do commit
LTX-8(configure)# do save |
SSH
By default, SSH access is enabled without restrictions. If you want to disable SSH access, use the commands below.
LTX-8# configure terminal
LTX-8(configure)# no ip ssh enable
LTX-8(configure)# do commit
LTX-8(configure)# do save |
SNMP/Telnet/SSH access control
Access control by management protocols is used to restrict subnets or IP addresses from which it is possible to connect to OLT by management protocols. When configuring the feature, a whitelist is formed, in which IP addresses or subnets from which access will be allowed are explicitly specified. For other subnets the access will be denied.
Any subnet from which the connection originates must be explicitly listed in the configuration, even if the IP address is the same as the OLT management subnet. When configuring, make sure that the list is specified correctly to avoid losing access to the OLT. |
LTX-8# configure terminal
LTX-8(configure)# ip snmp access-control #enabling SNMP access control
LTX-8(configure)# ip snmp allow ip 172.10.10.11 #specifying the host from which access by the specified protocol is allowed
LTX-8(configure)# ip snmp allow ip 192.168.0.0 mask 255.255.255.0 #specifying the subnet from which access by the specified protocol is allowed
LTX-8(configure)# ip telnet access-control #enabling telnet access control
LTX-8(configure)# ip telnet allow ip 172.10.10.11 #specifying the host from which access by the specified protocol is allowed
LTX-8(configure)# ip telnet allow ip 192.168.0.0 mask 255.255.255.0 #specifying the subnet from which access by the specified protocol is allowed
LTX-8(configure)# ip ssh access-control #enabling SSH access control
LTX-8(configure)# ip ssh allow ip 172.10.10.11 #specifying the host from which access by the specified protocol is allowed
LTX-8(configure)# ip ssh allow ip 192.168.0.0 mask 255.255.255.0 #specifying the subnet from which access by the specified protocol is allowed
LTX-8(configure)# do commit
LTX-8(configure)# do save |
NTP
Activation of the network time synchronization protocol client. Up to three NTP servers can be specified.
LTX-8# configure terminal
LTX-8(configure)# ip ntp server 192.168.1.10 #specifying server 1
LTX-8(configure)# ip ntp server 10.10.1.100 #specifying server 2
LTX-8(configure)# ip ntp server 192.168.20.101 #specifying server 3
LTX-8(configure)# ip ntp interval 4096 #specifying synchronization interval in seconds (values from 8 to 65536 are allowed)
LTX-8(configure)# ip ntp timezone hours 7 minutes 0 #specifying the time zone of your region (hours from -12 to 12, minutes from 0 to 59)
LTX-8(configure)# ip ntp enable #enabling NTP service
LTX-8(configure)# do commit
LTX-8(configure)# do save |
Web interface for OLT
To configure and monitor OLT condition, it is possible to use the OLT web interface. The web interface is disabled by default and can be enabled via CLI.
LTX-8# configure terminal
LTX-8(configure)# ip web enable #enabling web service
#There are multiple privilege levels for the web service — administrator/operator/viewer. By default, only a user named admin with administrator rights has access to the web interface. Examples of editing web prvileges:
LTX-8(configure)# user admin web-privilege operator #changing web access level to operator level for the existing admin user
LTX-8(configure)# user webadmin password webpassword web-privilege administrator #creating a user named "webadmin" with administrator level web privileges
LTX-8(configure)# user monitoring password monitoring web-privilege viewer #creating a user named "monitoring" with viewer level web privileges
LTX-8(configure)# no user operator web-privilege #deny access to web for a user named "operator"
LTX-8(configure)# do commit
LTX-8(configure)# do save |