No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - WLAN-AC

S5700 and S6720 V200R012C00

This document describes the configurations of WLAN, including WLAN Service Configuration, Radio Resource Management, Roaming, WLAN QoS, WLAN Security, WDS, Mesh, Location, Hotspot 2.0, Dual-Link Cold Backup, N+1 Backup.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring ACL-based Login Control for the VTY User Interface of APs

Configuring ACL-based Login Control for the VTY User Interface of APs

Context

You can use the ACL to restrict login permissions on the VTY user interface. Before configuring restrictions on login permissions on the VTY user interface, run the acl command in the system view to create an ACL and enter the ACL view, and run the rule command to add rules for accessing the ACL.

NOTE:
  • The user interface supports basic ACLs (2000-2999) and advanced ACLs (3000-3999).

  • ACL rule:
    • When permit is used in the ACL rule:
      • If the ACL is applied in the inbound direction, other devices that match the ACL rule can access the local device.
      • If the ACL is applied in the outbound direction, the local device can access other devices that match the ACL rule.
    • When deny is used in the ACL rule:

      • If the ACL is applied in the inbound direction, other devices that match the ACL rule cannot access the local device.
      • If the ACL is applied in the outbound direction, the local device cannot access other devices that match the ACL rule.
    • When the ACL rule is configured but packets from other devices do not match the rule:

      • If the ACL is applied in the inbound direction, other devices cannot access the local device.
      • If the ACL is applied in the outbound direction, the local device cannot access other devices.
    • When the ACL contains no rule:

      • If the ACL is applied in the inbound direction, any other devices can access the local device.
      • If the ACL is applied in the outbound direction, the local device can access any other devices.
  • For details on how to configure the ACL, see "ACL Configuration" in the S1720, S2700, S5700, and S6720 V200R012(C00&C20) Configuration Guide - Security.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run wlan

    The WLAN view is displayed.

  3. Run ap-system-profile name profile-name

    An AP system profile is created, and the AP system profile view is displayed.

    By default, the system provides the AP system profile default.

  4. Run user-interface vty ui-number acl acl-number { inbound | outbound }

    ACL restrictions on VTY login permissions are configured.

    By default, login rights are not restricted.

    • To restrict users at a specified address or address segment from logging in to the device, use the inbound parameter.
    • To restrict users who have log in to a device from logging in to other devices, use the outbound parameter.

  5. Run quit

    Return to the WLAN view.

  6. Bind an AP system profile to an AP group or AP.

    • Binding an AP system profile to an AP group.
      1. Run the ap-group name group-name command to enter the AP group view.
      2. Run the ap-system-profile profile-name command to bind the AP system profile to the AP group.

        By default, the AP system profile default is bound to an AP group.

    • Binding an AP system profile to an AP.
      1. Run the ap-id ap-id, ap-mac ap-mac, or ap-name ap-name command to enter the AP view.
      2. Run the ap-system-profile profile-name command to bind the AP system profile to the AP.

        By default, no AP system profile is bound to an AP.

Translation
Download
Updated: 2018-12-24

Document ID: EDOC1100038361

Views: 127917

Downloads: 383

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next