ssh server acl

Function

The ssh server acl command configures the ACL to control the access of clients for STelnet, SFTP, SCP and SNetconf.

The undo ssh server acl command cancels the ACL configuration.

By default, no ACL is configured.

Format

ssh server acl { acl4name | acl4num }

ssh ipv6 server acl { acl6name | acl6num }

undo ssh server acl

undo ssh ipv6 server acl

Parameters

| Parameter | Description | Value |
|---|---|---|
| acl4name | Specifies the ACL4 name. | The value is a string of 1 to 64 case-sensitive characters without spaces. The value must start with a letter (a to z or A to Z, case sensitive). |
| acl4num | Specifies the IPv4 ACL number. | The value is an integer. Basic ACL numbers range from 2000 to 2999; advanced ACL numbers range from 3000 to 3999. |
| ipv6 | IPv6 protocol. | - |
| acl6name | Specifies the ACL6 name. | The value is a string of 1 to 64 case-sensitive characters without spaces. The value must start with a letter (a to z or A to Z, case sensitive). |
| acl6num | Specifies the ACL6 number. | The value is an integer. Basic ACL numbers range from 2000 to 2999; advanced ACL numbers range from 3000 to 3999. |
| name | Specifies the ACL name. | - |

Views

System view

Default Level

3: Management level

Task Name and Operations

| Task Name | Operations |
|---|---|
| ssh-server | write |

Usage Guidelines

Usage Scenario

If a device serves as

  • STelnet client, you can configure the ACL on the device to control the login of the local device to the STelnet server through STelnet.
  • SFTP client, you can configure the ACL on the device to control the login of the local device to the SFTP server through SFTP.
  • SFTP client, you can configure the ACL on the device to control the login of the local device to the SCP server through SFTP.
  • SNetconf client, you can configure the ACL on the device to control the login of the local device to the SNetconf server through SNetconf.

Prerequisites

Run the acl command to create an ACL.

Precautions

  • If no rule is configured, the incoming and outgoing calls are not restricted after the command ssh server acl is run.
  • The ssh server acl command takes effect only for IPv4 clients.
  • A basic ACL can restrict the source address; an advanced ACL can restrict both the source and destination addresses.
  • An ACL bound to an SSH server supports only the source IP address, source port number, destination IP address, and destination port number. If the destination address is bound to a VPN instance, the vpn-instance parameter must be set when creating an ACL rule. Otherwise, the login fails.

Example

# Bind ACL 2000 to the SSH server.
<HUAWEI> system-view
[~HUAWEI] acl 2000
[*HUAWEI-acl4-basic-2000] quit
[*HUAWEI] ssh server acl 2000

# Bind the IPv6 ACL named test to the SSH server.
<HUAWEI> system-view
[~HUAWEI] acl ipv6 name test
[*HUAWEI-acl6-advance-test] quit
[*HUAWEI] ssh ipv6 server acl test
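
Per the precautions, an ACL with no rules restricts nothing, and the IPv4 command covers only IPv4 clients, so a binding on its own is not proof that SSH access is limited. The Python audit below is an added example, not Huawei code: it checks a list of commands for SSH server ACL bindings whose ACL is undefined, empty or outside the documented value ranges, and for an address family with no binding. It assumes rule lines begin with the keyword rule; HARDENED and its rule are constructed sample input.

```python
import re

PROMPT_RE = re.compile(r"^[<\[][^>\]]*[>\]]\s*")   # "<HUAWEI> " or "[*HUAWEI-...] "
ACL_RE = re.compile(r"^acl\s+(ipv6\s+)?(?:number\s+|name\s+)?(\S+)")
BIND_RE = re.compile(r"^ssh\s+(ipv6\s+)?server\s+acl\s+(\S+)$")
NAME_RE = re.compile(r"^[A-Za-z]\S{0,63}$")        # 1-64 chars, starts with a letter

def valid_acl_ref(ref):
    """Apply the value constraints from the parameter table."""
    if ref.isdigit():
        return 2000 <= int(ref) <= 3999            # basic or advanced ACL number
    return bool(NAME_RE.match(ref))

def audit(lines):
    """Return (family, acl, problem) tuples for the SSH server ACL bindings."""
    rules, bindings, current = {}, [], None
    for raw in lines:
        line = PROMPT_RE.sub("", raw.strip())
        if m := ACL_RE.match(line):
            current = ("ipv6" if m.group(1) else "ipv4", m.group(2))
            rules.setdefault(current, 0)
        elif m := BIND_RE.match(line):
            bindings.append(("ipv6" if m.group(1) else "ipv4", m.group(2)))
        elif line.startswith("rule ") and current:
            rules[current] += 1                    # assumption: rule lines start with "rule"
        elif line in ("quit", "#"):
            current = None                         # left the ACL view
    findings = []
    for fam, ref in bindings:
        if not valid_acl_ref(ref):
            findings.append((fam, ref, "invalid ACL name or number"))
        elif (fam, ref) not in rules:
            findings.append((fam, ref, "ACL not defined"))
        elif rules[(fam, ref)] == 0:
            findings.append((fam, ref, "ACL has no rules, access is not restricted"))
    for fam in ("ipv4", "ipv6"):
        if all(b[0] != fam for b in bindings):
            findings.append((fam, None, "no ACL bound to the SSH server"))
    return findings

# Commands from the page's two example sessions (prompts kept as shown).
PAGE_EXAMPLE = ["[~HUAWEI] acl 2000", "[*HUAWEI-acl4-basic-2000] quit",
                "[*HUAWEI] ssh server acl 2000", "[~HUAWEI] acl ipv6 name test",
                "[*HUAWEI-acl6-advance-test] quit", "[*HUAWEI] ssh ipv6 server acl test"]
# Constructed sample: the same IPv4 binding, with one rule added to the ACL.
HARDENED = ["acl 2000", " rule 5 permit source 10.1.1.0 0.0.0.255", "quit",
            "ssh server acl 2000"]
if __name__ == "__main__":
    print(audit(PAGE_EXAMPLE), audit(HARDENED), sep="\n")
```
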
Copyright © Huawei Technologies Co., Ltd.