I’ll give an example of how to allow connections to the BDCOM OLT web interface only from specified IP addresses; in a similar way, you can limit other traffic to the OLT, as well as traffic passing to users through the OLT.
Let’s connect to the device and go to configuration mode:
enable
config
Let’s create an extended access list that allows addresses 10.0.50.200 and 10.0.50.201 to connect on port 80 (www) to 10.0.50.55 (the IP address of the OLT), then denies all other HTTP traffic to 10.0.50.55 and permits all non-HTTP traffic:
ip access-list extended OPERATOR
permit tcp 10.0.50.200 255.255.255.255 10.0.50.55 255.255.255.255 eq www
permit tcp 10.0.50.201 255.255.255.255 10.0.50.55 255.255.255.255 eq www
deny tcp any 10.0.50.55 255.255.255.255 eq www
permit ip any any
After creating the access list, it must be applied to the desired interface. In my case the OLT IP address was assigned to the VLAN207 interface, so I applied it there:
interface VLAN207
ip access-group OPERATOR in
Now you can start the web server and save the changes:
ip http server
write all