Chapter 3 Acl Configuration; Overview; Configuring Acl For Telnet Users; Defining Acl - Huawei Quidway S6500 Series Operation Manual

Operation Manual - QoS/ACL
Quidway S6500 Series Ethernet Switches

Chapter 3 ACL Configuration

3.1 Overview

Security problems draw more and more attentions with increasingly extensive
application of Ethernet switches. Currently Ethernet switches support three major
access modes: SNMP (Simple Network Management Protocol) access, Telnet access
and HTTP (Hypertext Transfer Protocol) access. Security control is achieved at two
levels: Connection request control is achieved at the first level and appropriate ACL
configuration ensures that only legal users can be connected to the switch. Password
authentication is achieved at the second level and only those connected, with correct
passwords, can log successfully onto the switch
Here the first level security control, ACL configuration, is detailed only. See the
Configuration Manual – Getting Started for the second level control.

3.2 Configuring ACL for Telnet Users

This configuration can filter out malicious or illegal connection request before password
authentication.
Two steps are included in this configuration:
1) Define an ACL
2) Import the ACL to control Telnet users

3.2.1 Defining ACL

Currently only number-based ACLs can be imported, with the number ranging from
2000 to 3999.
Please perform the following configurations in system view.
Table 3-1 Defining basic ACL
Operation
Enter
(system view)
Define a sub-rule (basic
ACL view)
Delete a sub-rule (basic
ACL view)
basic ACL acl { number acl-number | name acl-name
match-order { config | auto }
rule [ rule-id ] { permit | deny } [ source source-addr
wildcard | any ] [ fragment ] [ time-range name ]
undo rule rule-id [ source ] [ fragment ] [ time-range ]
Huawei Technologies Proprietary
Command
3-1
Chapter 3 ACL Configuration
basic }