Controlling user access
Use ACLs to prevent unauthorized access and configure command authorization and accounting to
monitor and control user behaviors. For more information about ACLs, see ACL and QoS Configuration
Guide.
Controlling Telnet/SSH logins
Use basic ACLs (2000 to 2999) to filter Telnet and SSH logins by source IP address. Use advanced ACLs
(3000 to 3999) to filter Telnet and SSH logins by source and/or destination IP address. Use Ethernet
frame header ACLs (4000 to 4999) to filter Telnet and SSH logins by source MAC address.
If an applied ACL does not exist or has no rules, no user login restriction is applied. If the ACL exists and
has rules, only users permitted by the ACL can access the device through Telnet or SSH.
Configuration procedures
To control Telnet logins:
Step
1.
Enter system view.
2.
Apply an ACL to filter
Telnet logins.
To control SSH logins:
Step
1.
Enter system view.
2.
Apply an ACL to filter
SSH logins.
Configuration example
Network requirements
Configure the device in
Command
system-view
•
telnet server acl acl-number
•
telnet server ipv6 acl [ ipv6 ]
acl-number
Command
system-view
•
ssh server acl acl-number
•
ssh server ipv6 acl [ ipv6 ]
acl-number
Figure 25
to permit only Telnet packets sourced from Host A and Host B.
57
Remarks
N/A
By default, no ACL is used to filter
Telnet logins.
Remarks
N/A
By default, no ACL is used to filter
SSH logins.
For more information about these
two commands, see Security
Command Reference.