H3C S9500 Series Operation Manual page 1069

Operation Manual – QoS
H3C S9500 Series Routing Switches
Chapter 4 Logon User ACL Control Configuration
When configuring logon user ACL control, go to these sections for information you are
interested in:
Logon User ACL Control Overview
Configuring ACL for Telnet/SSH Users
Applying an ACL for SNMP Users
Layer 2 ACL Control Configuration Example
Basic ACL Control Configuration Example
ACL Control over SNMP Users Configuration Example
4.1 Logon User ACL Control Overview
Currently, an S9500 series switch provides the following three measures for remote
access:
Telnet
Security shell (SSH)
Simple network management protocol (SNMP)
An S9500 series switch provides security control for these three access measures to
prevent unauthorized users from logging in/and accessing it. There are two levels of
security controls.
The first level is implemented by applying ACLs to filter the users that are to
connect to the switch. Only authorized users are capable of accessing the switch.
The second level is implemented by password authentication. A user can log into
the switch only after passing the password authentication.
This chapter mainly describes how to configure the first level security control over these
access measures, that is, how to filter the users logging onto the switch with ACL.
4.2 Configuring ACL for Telnet/SSH Users
You can configure ACLs for the users who access the switch through Telnet or SSH to
filter out the malicious or unauthorized connection requests before the password
authentication to secure the switch.
4.2.1 Configuration Prerequisites
You have correctly configured the switch using Telnet or SSH.
Chapter 4 Logon User ACL Control
4-1
Configuration