Security Policy Configuration Guide For FD11xx EPON OLT

Preface: The C-Data FD11xx Pizza-Box EPON OLT series is a 1U-high, 19-inch rack-mount product line. The OLT is small, convenient, flexible, easy to deploy and high performance, and it is suited to deployment in a compact equipment room. This article proposes security suggestions for the OLT side, based on experience and actual user scenarios, to enhance the security of the access network.

1. Security configuration suggestions

1.1 Configuration suggestion for username and password

When you log in to the device for the first time, change the user name and password, for ordinary accounts and super users alike. The user password must meet the password complexity principle: the length is between 8-12 digits, it combines numbers, uppercase and lowercase letters, and it avoids continuous numbers. Do not use a phone number, birthday, personal name, ID or other information known to others as a password, and change the password regularly.

Case: Add new user test9 with the user role superuser and the password Dscn@#0247



Case: Change the password of user test9 to Wsdf#$9345



1.2 Configuration suggestion for SNMP

If you do not use EMS, web or other network management platforms that rely on the SNMP protocol, it is recommended not to enable SNMP. If you need to enable SNMP, do not configure the two well-known communities, public and private; configure custom, random read and write communities instead.

Case: Configure the OLT SNMP read community as Pdfrd34# and the write community as Yosjd34@
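The rules in sections 1.1 and 1.2 can be checked offline before a password or community string is typed into the OLT. The following Python is an added example, not C-Data code; it reads the 8-12 length as total characters, and the run length that counts as "continuous numbers", the function names and the 8-character community length are assumptions.

```python
import secrets
import string

# Assumption: the guide does not define "continuous numbers"; here it means
# MAX_RUN or more adjacent digits that ascend, descend or repeat (1234, 9876).
MAX_RUN = 4
WELL_KNOWN_COMMUNITIES = {"public", "private"}  # named in section 1.2


def has_digit_run(text, run=MAX_RUN):
    """True if text contains `run` adjacent digits stepping by +1, -1 or 0."""
    for step in (1, -1, 0):
        count = 1
        for prev, cur in zip(text, text[1:]):
            if prev.isdigit() and cur.isdigit() and int(cur) - int(prev) == step:
                count += 1
                if count >= run:
                    return True
            else:
                count = 1
    return False


def check_password(password, personal_info=()):
    """Return the section 1.1 rules the password breaks (empty list = OK)."""
    problems = []
    if not 8 <= len(password) <= 12:
        problems.append("length must be 8-12")
    if not any(c.isdigit() for c in password):
        problems.append("needs a number")
    if not any(c.isupper() for c in password):
        problems.append("needs an uppercase letter")
    if not any(c.islower() for c in password):
        problems.append("needs a lowercase letter")
    if has_digit_run(password):
        problems.append("contains continuous numbers")
    lowered = password.lower()
    if any(item and item.lower() in lowered for item in personal_info):
        problems.append("contains personal information")
    return problems


def random_community(length=8):
    """Random SNMP community (length is an assumption), never public/private."""
    alphabet = string.ascii_letters + string.digits + "#@"
    while True:
        value = "".join(secrets.choice(alphabet) for _ in range(length))
        if value.lower() not in WELL_KNOWN_COMMUNITIES:
            return value
```

Generate separate values for the read and the write community, and pass the administrator's name, phone number and birthday as personal_info when checking a password.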



1.3 Configure management VLAN

The configuration of management VLAN can effectively isolate the device from other VLANs to achieve more secure protection.

Case: Configure the inband management VLAN as 200

epon# system ipconfig mgmt-vlan 200

1.4 Enable OLT access control

On FD11xx series OLT versions with a build time of 200601 or later, access control can be based on IP and MAC address. For login security, it is recommended to configure this function: add only the IP or MAC address of the administrator, and restrict other IP or MAC addresses from logging in to the device.

Case: Only allow device which ip is login OLT. Note: the command epon# system access-control admin enable must be entered after the system access-control … commands.



1.5 Disable web service

If you do not use the web to manage the OLT, please disable the web service with the following command:

epon olt7

Summary: The FD11xx OLT has been used in IP camera, enterprise LAN and IoT applications.

The EPON OLT is widely used in ISP networks, campus networks and enterprise networks. Since users have different networking and application scenarios, this article proposes security recommendations on the EPON OLT side for users who lack an upper-level firewall or expose the OLT on the public network, in order to reduce the risk of hacker attacks.