The acl command uses an ACL to restrict login rights of users on a terminal.
The undo acl command cancels the configuration.
By default, login rights are not restricted.
acl [ ipv6 ] { acl-number | acl-name } { inbound | outbound }
undo acl [ ipv6 ] [ acl-number | acl-name ] { inbound | outbound }
Parameter | Description | Value |
---|---|---|
ipv6 | Indicates an ACL6 (IPv6 ACL) number. | - |
acl-number | Specifies the number of an ACL. | The value is an integer ranging from 2000 to 3999. |
acl-name | Specifies the name of an ACL. | The value is a string of 1 to 64 case-sensitive characters without spaces. The value must start with a letter. NOTE: When the number of the ACL created with the acl name command ranges from 2000 to 3999, that ACL can be applied by name with the acl (user interface view) command. |
inbound | Restricts users with a given address, or within a given address segment, from logging in to the device. | - |
outbound | Restricts users who have logged in to the device from logging in to other devices from it. | - |
Usage Scenario
This command restricts the login rights of a user interface based on the source IP address, destination IP address, source port, destination port, VPN instance, or TCP as the protocol type. You can use it to permit or deny access to a destination or from a source.
Prerequisites
An ACL has been configured using the acl (system view) command together with the rule (basic ACL view) or rule (advanced ACL view) command.
If the ACL contains no rule, running the acl command does not restrict login rights on the user interface.
Precautions
After the ACL configuration takes effect, all users on the user interface are restricted by the ACL.
All four ACL types can be configured on a user interface: IPv4 inbound, IPv4 outbound, IPv6 inbound, and IPv6 outbound. Only one ACL of each type can be configured on a user interface; configuring another ACL of the same type replaces the previous one, and only the latest configuration takes effect.
The console user interface does not support this command.
# Restrict the Telnet login rights on user interface VTY 0 using an ACL.
<HUAWEI> system-view
[HUAWEI] acl 3001
[HUAWEI-acl-adv-3001] rule deny tcp destination-port eq telnet
[HUAWEI-acl-adv-3001] quit
[HUAWEI] user-interface vty 0
[HUAWEI-ui-vty0] acl 3001 outbound
# Remove the restriction on the Telnet login rights on user interface VTY 0.
<HUAWEI> system-view
[HUAWEI] user-interface vty 0
[HUAWEI-ui-vty0] undo acl outbound
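The page's examples show the outbound direction. The inbound direction, where a basic ACL decides which source addresses may open a VTY session at all, is the more common hardening case, and its two failure modes (an ACL with no rules leaves login unrestricted, as the Prerequisites state; a deny-all rule with no permit ahead of it locks the operator out) are easy to reason about with a small model. The following Python is an added illustration, not Huawei code: it parses rule lines in the basic-ACL `rule <id> permit|deny source <addr> <wildcard>` form, evaluates them first-match in rule-ID order, and treats "no matching rule" as permit. The rule strings and addresses are constructed, and the ordering and default-permit behaviour are assumptions of this model rather than statements taken from the page.

```python
"""Model of how a basic (source-address) ACL applied with `acl <n> inbound`
on a VTY user interface decides whether a login attempt is accepted.
Added illustration, not Huawei code. Assumptions: rules are evaluated in
rule-ID order, the first match decides, and a login matching no rule
(or an ACL with no rules) is permitted."""
import ipaddress
import re
from dataclasses import dataclass

# Basic-ACL rule syntax handled by this model (constructed for the example).
RULE_RE = re.compile(
    r"^rule\s+(?P<id>\d+)\s+(?P<action>permit|deny)\s+source\s+"
    r"(?:(?P<any>any)|(?P<addr>\d+\.\d+\.\d+\.\d+)\s+(?P<wild>\d+\.\d+\.\d+\.\d+))$"
)


@dataclass
class Rule:
    rule_id: int
    action: str
    network: int    # address bits that must match
    wildcard: int   # wildcard mask: 1 bits are "don't care", 0 bits must match

    def matches(self, src: int) -> bool:
        care = ~self.wildcard & 0xFFFFFFFF
        return (src & care) == (self.network & care)


def parse_rule(line: str) -> Rule:
    """Turn one rule line into a Rule; `source any` is network 0 / wildcard all-ones."""
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised rule: {line!r}")
    if m.group("any"):
        net, wild = 0, 0xFFFFFFFF
    else:
        net = int(ipaddress.IPv4Address(m.group("addr")))
        wild = int(ipaddress.IPv4Address(m.group("wild")))
    return Rule(int(m.group("id")), m.group("action"), net, wild)


def login_allowed(acl_rules: list[str], source_ip: str) -> bool:
    """First matching rule (in rule-ID order) decides. With no rules, or no
    matching rule, the login is permitted (assumption of this model, in line
    with the page's statement that an empty ACL leaves login unrestricted)."""
    src = int(ipaddress.IPv4Address(source_ip))
    rules = sorted((parse_rule(line) for line in acl_rules), key=lambda r: r.rule_id)
    for rule in rules:
        if rule.matches(src):
            return rule.action == "permit"
    return True


# Constructed sample: permit only the management subnet, deny everyone else.
MGMT_ONLY_ACL = [
    "rule 5 permit source 10.1.1.0 0.0.0.255",
    "rule 10 deny source any",
]
# Constructed misconfiguration: a deny-all with no permit ahead of it also
# blocks the operator's own management subnet.
DENY_ALL_ACL = ["rule 5 deny source any"]

if __name__ == "__main__":
    for ip in ("10.1.1.25", "192.168.0.5"):
        print(ip, "permitted" if login_allowed(MGMT_ONLY_ACL, ip) else "denied")
```

Before applying an inbound ACL to a VTY, check that the address you are administering from matches a permit rule that precedes any deny; the model above returns False for DENY_ALL_ACL from every source, which on a real device means the next session from the management subnet is refused.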