Controlling User Logins; Controlling Telnet Logins; Configuring Source Ip-Based Telnet Login Control; Configuring Source/Destination Ip-Based Telnet Login Control - H3C WA4600 Series Fundamentals Configuration Manual

Controlling user logins

To harden device security, use ACLs to prevent unauthorized logins. For more information about ACLs,
ACL and QoS Configuration Guide.
see

Controlling Telnet logins

Use a basic ACL (2000 to 2999) to filter Telnet traffic by source IP address. Use an advanced ACL (3000
to 3999) to filter Telnet traffic by source and/or destination IP address. Use an Ethernet frame header
ACL (4000 to 4999) to filter Telnet traffic by source MAC address.
To access the device, a Telnet user must match a permit statement in the ACL applied to the user interface.

Configuring source IP-based Telnet login control

Step
1. Enter system view.
2. Create a basic ACL and enter
its view, or enter the view of an
existing basic ACL.
3. Configure an ACL rule.
4. Exit the basic ACL view.
5. Enter user interface view.
6. Use the ACL to control user
logins by source IP address.

Configuring source/destination IP-based Telnet login control

Command
system-view
acl-number
acl [ ipv6 ] number
name
] [ match-order { config | auto } ]
•
For IPv4 networks:
rule-id
rule [ ] { deny | permit }
[ counting | fragment | logging |
sour-addr sour-wildcard
source {
time-range-name
any } | time-range
*
•
For IPv6 networks:
rule-id
rule [ ] { deny | permit }
[ counting | fragment | logging |
routing-type
routing [ type
ipv6-address prefix-length
{
ipv6-address prefix-length
/
time-range-name
time-range
quit
type first-number
user-interface [ ]
last-number
[ ]
acl-number
acl [ ipv6 ] { inbound |
outbound }
32
Remarks
N/A
[ name By default, no basic ACL
exists.
|
]
By default, a basic ACL
does not contain any rule.
] | source
|
| any } |
]
N/A
N/A
•
inbound: Filters
incoming packets.
•
outbound: Filters
outgoing packets.