Controlling user logins
To harden device security, use ACLs to prevent unauthorized logins. For more information about ACLs,
see ACL and QoS Configuration Guide.
FIPS compliance
In Release 1118 and later versions, the device supports the FIPS mode that complies with NIST FIPS 140-2
requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS
mode. For more information about FIPS mode, see Security Configuration Guide.
Telnet and HTTP are not supported in FIPS mode.
Unless otherwise stated, the device is operating in non-FIPS mode in the following configuration
examples.
Controlling Telnet logins (not supported in FIPS mode)
Use a basic ACL (2000 to 2999) to filter Telnet traffic by source IP address. Use an advanced ACL (3000
to 3999) to filter Telnet traffic by source and/or destination IP address. Use an Ethernet frame header
ACL (4000 to 4999) to filter Telnet traffic by source MAC address.
To access the device, a Telnet user must match a permit statement in the ACL applied to the user interface.
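The permit-match requirement above can be checked offline against an intended rule set before it is applied to the device. The following Python model is an added example, not part of the original guide or the vendor's software: the Rule class, the telnet_allowed function and the sample rules are hypothetical, and it assumes that the config match order of the acl command evaluates rules by ascending rule ID while the auto match order evaluates the narrower source range first.

```python
import ipaddress
from dataclasses import dataclass


def _to_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))


@dataclass(frozen=True)
class Rule:
    rule_id: int
    action: str    # "permit" or "deny"
    source: str    # source IPv4 address
    wildcard: str  # wildcard mask: 1 bits are "don't care"

    def matches(self, ip: str) -> bool:
        care = ~_to_int(self.wildcard) & 0xFFFFFFFF
        return (_to_int(ip) & care) == (_to_int(self.source) & care)


def ordered(rules, match_order="config"):
    if match_order == "config":
        # Assumption: rules are compared in ascending rule ID order.
        return sorted(rules, key=lambda r: r.rule_id)
    if match_order == "auto":
        # Assumption: depth-first, i.e. fewer "don't care" bits first, then rule ID.
        return sorted(rules, key=lambda r: (bin(_to_int(r.wildcard)).count("1"), r.rule_id))
    raise ValueError("match order must be 'config' or 'auto'")


def telnet_allowed(acl_number, rules, src_ip, match_order="config"):
    """Return True only if src_ip hits a permit rule of a basic ACL."""
    if not 2000 <= acl_number <= 2999:
        raise ValueError("source IP-based control uses a basic ACL (2000 to 2999)")
    for rule in ordered(rules, match_order):
        if rule.matches(src_ip):
            return rule.action == "permit"
    return False  # no permit statement matched, so the login is refused


# Constructed sample: a broad permit with a narrower deny that has a higher rule ID.
SAMPLE_RULES = [
    Rule(0, "permit", "10.1.0.0", "0.0.255.255"),
    Rule(5, "deny", "10.1.9.0", "0.0.0.255"),
]

if __name__ == "__main__":
    for order in ("config", "auto"):
        print(order, telnet_allowed(2000, SAMPLE_RULES, "10.1.9.7", order))
```

With the sample rules, the deny for 10.1.9.0/24 is shadowed by the broader permit under the config order and only takes effect under the auto order, which is the kind of ordering mistake worth catching before the ACL is applied to a user interface.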
Configuring source IP-based Telnet login control
Step 1. Enter system view.
    Command: system-view
    Remarks: N/A

Step 2. Create a basic ACL and enter its view, or enter the view of an existing basic ACL.
    Command: acl [ ipv6 ] number acl-number [ name name ] [ match-order { config | auto } ]
    Remarks: By default, no basic ACL exists.