
(Optional) Configuring an ACL to Control Telnet or STelnet Access to a Device

Context

You can configure a security policy when configuring Telnet or STelnet access to a device.

Procedure

  • Control access from other devices to the local device.
    • Configure an ACL to control devices that can access the local device through Telnet:
      1. Run acl acl-number or acl ipv6 acl6-number

        An ACL or ACL6 is created, and the ACL or ACL6 view is displayed.

        The value of acl-number or acl6-number must be within the range from 2000 to 2999 (basic ACLs).

      2. Run rule permit source source-address 0 or rule permit source source-ipv6-address 0

        An ACL or ACL6 rule is configured that permits only the device with the address specified by source-address or source-ipv6-address to access the local device; all other devices are denied.

      3. Run quit

        Exit from the ACL or ACL6 view.

      4. Configure an ACL to control the devices allowed access to the local device.
        • Run the telnet [ ipv6 ] server acl acl-number command on the local device to restrict which devices can access it through Telnet.
        • Run the ssh [ ipv6 ] server acl acl-number command on the local device to restrict which devices can access it through STelnet.
    • Configure an ACL to control devices that can access the local device through the VTY user interface:
      1. Run acl acl-number or acl ipv6 acl6-number

        An ACL or ACL6 is created, and the ACL or ACL6 view is displayed.

        The value of acl-number or acl6-number must be within the range from 2000 to 2999 (basic ACLs).

      2. Run rule permit source source-address 0 or rule permit source source-ipv6-address 0

        An ACL or ACL6 rule is configured that permits only the device with the address specified by source-address or source-ipv6-address to access the local device; all other devices are denied.

      3. Run quit

        Exit from the ACL or ACL6 view.

      4. Run user-interface vty first-ui-number [ last-ui-number ]

        The VTY user interface view is displayed.

      5. Run acl [ ipv6 ] { acl-number | acl-name } inbound

        ACL-based access control is configured for the VTY user interface.

  • Control access from the local device to other devices.
    1. Run acl acl-number or acl ipv6 acl6-number

      An ACL or ACL6 is created, and the ACL or ACL6 view is displayed.

      The value of acl-number or acl6-number must be within the range from 3000 to 3999 (advanced ACLs).

    2. Configure an ACL or ACL6 rule to prohibit the local device from accessing other devices.

      • For Telnet access to the device, run the rule deny tcp destination-port eq telnet command (Telnet listens on TCP port 23).
      • For STelnet access to the device, run the rule deny tcp destination-port eq 22 command (STelnet listens on TCP port 22).
    3. Run quit

      Exit from the ACL or ACL6 view.

    4. Run user-interface vty first-ui-number [ last-ui-number ]

      The VTY user interface view is displayed.

    5. Run acl [ ipv6 ] { acl-number | acl-name } outbound

      ACL-based access control is configured for the VTY user interface.
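The following is a complete worked configuration that combines both directions of the procedure above. It is an added illustration, not a fragment from the product documentation; the management host address 10.1.1.10, the ACL numbers 2000 and 3000 and the VTY range 0 to 4 are assumed values.

```text
# Added example (not from the product documentation); addresses and numbers are assumed.
# 1. Inbound control: only the management host 10.1.1.10 may reach the local device.
system-view
acl 2000
 rule 5 permit source 10.1.1.10 0
 rule 10 deny
 quit
# rule 10 is an explicit catch-all deny so the outcome does not depend on the
# platform's default action for packets that match no rule.
# Apply the basic ACL to the Telnet and STelnet servers ...
telnet server acl 2000
ssh server acl 2000
# ... and to the VTY user interface.
user-interface vty 0 4
 acl 2000 inbound
 quit
# 2. Outbound control: the local device may not open Telnet (TCP 23) or STelnet (TCP 22)
#    sessions to other devices. Advanced ACLs use the 3000-3999 range.
acl 3000
 rule 5 deny tcp destination-port eq telnet
 rule 10 deny tcp destination-port eq 22
 quit
user-interface vty 0 4
 acl 3000 outbound
 quit
# 3. Verify that the rules took effect before relying on them.
display acl 2000
display acl 3000
```

After applying the inbound ACL, confirm from a host other than 10.1.1.10 that a Telnet or STelnet session to the device is refused, and from 10.1.1.10 that it still succeeds, so that a mistyped source address does not lock out the only permitted management host.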

Verifying the Configuration

  • Run the display acl { acl-number | name acl-name | all } command to check the ACL configuration.

Copyright © Huawei Technologies Co., Ltd.