Controlling user logins
To harden device security, use ACLs to prevent unauthorized logins. For more information about ACLs,
ACL and QoS Configuration Guide.
see
Controlling Telnet logins
Use a basic ACL (2000 to 2999) to filter Telnet traffic by source IP address. Use an advanced ACL (3000
to 3999) to filter Telnet traffic by source and/or destination IP address. Use an Ethernet frame header
ACL (4000 to 4999) to filter Telnet traffic by source MAC address.
To access the device, a Telnet user must match a permit statement in the ACL applied to the user interface.
Configuring source IP-based Telnet login control
Step
1.
Enter system view.
2.
Create a basic ACL and enter
its view, or enter the view of an
existing basic ACL.
3.
Configure an ACL rule.
4.
Exit the basic ACL view.
5.
Enter user interface view.
6.
Use the ACL to control user
logins by source IP address.
Configuring source/destination IP-based Telnet login control
Command
system-view
acl-number
acl [ ipv6 ] number
name
] [ match-order { config | auto } ]
•
For IPv4 networks:
rule-id
rule [
] { deny | permit }
[ counting | fragment | logging |
sour-addr sour-wildcard
source {
time-range-name
any } | time-range
*
•
For IPv6 networks:
rule-id
rule [
] { deny | permit }
[ counting | fragment | logging |
routing-type
routing [ type
ipv6-address prefix-length
{
ipv6-address
prefix-length
/
time-range-name
time-range
quit
type
first-number
user-interface [
]
last-number
[
]
acl-number
acl [ ipv6 ]
{ inbound |
outbound }
32
Remarks
N/A
[ name
By default, no basic ACL
exists.
|
]
By default, a basic ACL
does not contain any rule.
] | source
|
| any } |
]
N/A
N/A
•
inbound: Filters
incoming packets.
•
outbound: Filters
outgoing packets.