No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Enterprise
Worldwide
Huawei Global - English
Search
Support Documentation
S600-E V200R019C10 Configuration Guide - Basic Configuration

This document describes the configurations of Basic, including CLI Overview, EasyDeploy Configuration, Logging In to a Device for the First Time, CLI Login Configuration, Web System Login Configuration, File Management, Configuring System Startup, BootLoad Menu Operation.

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
(Optional) Configuring an ACL to Control Telnet or STelnet Access to a Device

(Optional) Configuring an ACL to Control Telnet or STelnet Access to a Device

Context

You can configure a security policy when configuring Telnet or STelnet access to a device.

Procedure

  • Control access from other devices to the local device.
    • Configure an ACL to control devices that can access the local device through Telnet:

      1. Run acl acl-number or acl ipv6 acl6-number

        An ACL or ACL6 is created, and the ACL or ACL6 view is displayed.

        The value of acl-number or acl6-number must be within the range from 2000 to 2999 (basic ACLs).

      2. Run rule permit source source-address 0 or rule permit source source-ipv6-address 0

        An ACL or ACL6 rule is configured to prohibit devices except the device with the address specified by source-address or source-ipv6-address from accessing the local device.

      3. Run quit

        Exit from the ACL or ACL6 view.

      4. Configure an ACL to control the devices allowed access to the local device.
        • Run the telnet [ ipv6 ] server acl acl-number command on the device that accesses the local device through Telnet.
        • Run the ssh [ ipv6 ] server acl acl-number command on the device that accesses the local device through STelnet.
    • Configure an ACL to control devices that can access the local device through the VTY user interface:

      1. Run acl acl-number or acl ipv6 acl6-number

        An ACL or ACL6 is created, and the ACL or ACL6 view is displayed.

        The value of acl-number or acl6-number must be within the range from 2000 to 2999 (basic ACLs).

      2. Run rule permit source source-address 0 or rule permit source source-ipv6-address 0

        An ACL or ACL6 rule is configured to prohibit devices except the device with the address specified by source-address or source-ipv6-address from accessing the local device.

      3. Run quit

        Exit from the ACL or ACL6 view.

      4. Run user-interface vty first-ui-number [ last-ui-number ]

        The VTY user interface view is displayed.

      5. Run acl [ ipv6 ] { acl-number | acl-name } inbound

        ACL-based access control is configured for the VTY user interface.

  • Control access from the local device to other devices.

    1. Run acl acl-number or acl ipv6 acl6-number

      An ACL or ACL6 is created, and the ACL or ACL6 view is displayed.

      The value of acl-number or acl6-number must be within the range from 3000 to 3999 (advanced ACLs).

    2. Configure an ACL or ACL6 rule to prohibit the local device from accessing other devices.

      • For Telnet access to the device, run the rule deny tcp destination-port eq 22 command.
      • For STelnet access to the device, run the rule deny tcp destination-port eq telnet command.

    3. Run quit

      Exit from the ACL or ACL6 view.

    4. Run user-interface vty first-ui-number [ last-ui-number ]

      The VTY user interface view is displayed.

    5. Run acl [ ipv6 ] { acl-number | acl-name } outbound

      ACL-based access control is configured for the VTY user interface.

Verifying the Configuration

  • Run the display acl { acl-number | name acl-name | all } command to check the ACL configuration.

Translation
简体中文
Download
Updated: 2022-05-25

Document ID: EDOC1100127196

Views: 95399

Downloads: 27

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Digital Signature File

Digital Signature Authentication Mode
Share
Previous Next

Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.

You are going to visit :