
user-interface vty acl

Function

The user-interface vty acl command uses an ACL to restrict login rights of users on a terminal.

The undo user-interface vty acl command cancels the configuration.

By default, login rights are not restricted.

Format

user-interface vty ui-number acl [ ipv6 ] acl-number { inbound | outbound }

undo user-interface vty ui-number acl [ ipv6 ] { inbound | outbound }

Parameters

| Parameter | Description | Value |
|---|---|---|
| vty ui-number | Specifies the VTY user interface number. | The value is an integer that ranges from 0 to 4. |
| ipv6 | Indicates an ACL6 number. | - |
| acl-number | Specifies the number of an ACL. | The value is an integer ranging from 3000 to 3031. |
| inbound | Restricts users with an address or within an address segment from logging in to the device. | - |
| outbound | Restricts users who have logged in to the device from logging in to other devices. | - |

Views

AP system profile view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

This command restricts the login rights of a user interface based on the source IP address, destination IP address, source port, or destination port. You can use this command to permit or deny access to a destination or from a source.

Prerequisites

Before running this command, run the acl (system view) command in the system view and run the rule (basic ACL view) or rule (advanced ACL view) command to configure an ACL.

If no rule is configured, login rights on the user interface are not restricted when the acl command is executed.

Precautions

After the configurations of the ACL take effect, all users on the user interface are restricted by the ACL.

You can configure all of the following ACL types: IPv4 inbound, IPv4 outbound, IPv6 inbound, and IPv6 outbound on a user interface. Only one ACL of each type can be configured on a user interface, and only the latest configuration of an ACL takes effect.

Example

# Restrict the Telnet login rights on user interface VTY 0.

<HUAWEI> system-view
[HUAWEI] acl 3001
[HUAWEI-acl-adv-3001] rule deny tcp source any destination-port eq telnet
[HUAWEI-acl-adv-3001] quit
[HUAWEI] wlan
[HUAWEI-wlan-view] ap-system-profile name huawei 
[HUAWEI-wlan-ap-system-prof-huawei] user-interface vty 0 acl 3001 outbound
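
The Prerequisites and Precautions above (an ACL with no rule restricts nothing; only the latest ACL of each type takes effect on a user interface) can be checked offline before a change is pushed. The following Python audit is an added example, not Huawei code: it replays a command list and reports the effective bindings. The input format (commands with prompts stripped, one AP system profile), the function name audit and the IPv4-only rule counting are assumptions.

```python
import re

# Command forms from the Format section of this page (device prompts stripped).
BIND = re.compile(
    r"^(undo )?user-interface vty (\d+) acl (ipv6 )?(?:(\d+) )?(inbound|outbound)$")

def audit(commands):
    """Replay commands in order; return (effective bindings, findings)."""
    rules, effective, findings, current = {}, {}, [], None
    for cmd in (c.strip() for c in commands):
        if m := re.match(r"^acl (\d+)$", cmd):       # enter an IPv4 ACL view
            current = int(m.group(1))
            rules.setdefault(current, 0)
        elif cmd.startswith("rule ") and current is not None:
            rules[current] += 1
        elif cmd == "quit":
            current = None
        elif m := BIND.match(cmd):
            undo, ui, v6, num, direction = m.groups()
            key = (int(ui), "ipv6" if v6 else "ipv4", direction)
            if not 0 <= int(ui) <= 4:
                findings.append(f"{cmd!r}: ui-number outside 0-4")
            elif undo:
                effective.pop(key, None)             # default again: not restricted
            elif num is None or not 3000 <= int(num) <= 3031:
                findings.append(f"{cmd!r}: acl-number outside 3000-3031")
            else:
                if key in effective:                 # only the latest takes effect
                    findings.append(f"{key}: ACL {effective[key]} replaced by {num}")
                effective[key] = int(num)
    for key, num in effective.items():
        # Assumption: ACL6 definitions are not parsed, so only IPv4 ACLs are checked.
        if key[1] == "ipv4" and rules.get(num, 0) == 0:
            findings.append(f"{key}: ACL {num} has no rules, logins not restricted")
    return effective, findings

# Constructed sample session, not taken from a real device.
SAMPLE = [
    "acl 3001", "rule deny tcp source any destination-port eq telnet", "quit",
    "acl 3002", "quit",
    "wlan", "ap-system-profile name huawei",
    "user-interface vty 0 acl 3001 outbound",
    "user-interface vty 0 acl 3001 inbound",
    "user-interface vty 0 acl 3002 inbound",
    "user-interface vty 1 acl 2999 inbound",
    "user-interface vty 2 acl ipv6 3005 inbound",
    "undo user-interface vty 0 acl outbound",
]

if __name__ == "__main__":
    bindings, issues = audit(SAMPLE)
    print(bindings, *issues, sep="\n")
```

On the sample, the second inbound binding on VTY 0 silently replaces ACL 3001 with the empty ACL 3002, so inbound logins on that interface end up unrestricted.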
Copyright © Huawei Technologies Co., Ltd.