To separate service routes from management routes, the management interface of the CE6810 is added to a VPN instance, and default routing information is added for that VPN instance.
After the SSH service for the VTY is globally enabled, users can remotely log in to the CE6810 through the management interface.
After an ACL is applied to the VTY, users can no longer log in to the CE6810 remotely.
The following information is displayed when you remotely log in to the switch using Xshell:
Info: The max number of VTY users is 5, and the number of current VTY users on
line is 1.
Socket error Event: 32 Error: 10053.
Connection closing...Socket close.
Connection closed by foreign host.
Disconnected from remote host(192.168.200.5:22) at 09:25:25
1. Ping the management interface address of the CE6810 from the user terminal. The ping operation succeeds.
2. Remove the ACL from the VTY and log in to the switch remotely. The login succeeds.
3. Check whether the ACL permits
the client address. The check result indicates that the ACL permits the client
4. Run the dis acl all command. The command output indicates that no packets have matched the ACL rules.
For an ACL to apply to traffic in a VPN instance, the VPN instance parameter must be added to the rules when the ACL is created.
Add the VPN instance parameter to the ACL rules:
acl name Permit_RemoteAccess_SouceIP
 rule 5 permit ip vpn-instance ManageNet source 172.16.1.251 0
 rule 10 permit ip vpn-instance ManageNet source 172.20.1.211 0
 rule 15 permit ip vpn-instance ManageNet source 172.20.1.242 0
Many services require the VPN instance parameter to be specified when their traffic is sent through an interface that belongs to a VPN instance.
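The root cause above can be checked offline against a saved configuration. The following Python script is an added example, not part of the original case or any Huawei tool: it flags rules of an ACL applied inbound to a VTY that do not name a VPN instance bound to some interface. The sample configuration is constructed, and the interface name MEth0/0/0 and the function names are assumptions.

```python
import re

# Constructed sample configuration; the interface name and the mask are
# assumptions. Rule 5 deliberately lacks the vpn-instance parameter.
SAMPLE_CONFIG = """\
interface MEth0/0/0
 ip binding vpn-instance ManageNet
 ip address 192.168.200.5 255.255.255.0
#
acl name Permit_RemoteAccess_SouceIP
 rule 5 permit ip source 172.16.1.251 0
 rule 10 permit ip vpn-instance ManageNet source 172.20.1.211 0
#
user-interface vty 0 4
 acl Permit_RemoteAccess_SouceIP inbound
"""

def parse_sections(config):
    """Group indented lines under the unindented header line above them."""
    sections, header = {}, None
    for line in config.splitlines():
        if not line.strip() or line.strip() == "#":
            header = None
        elif not line.startswith(" "):
            header = line.strip()
            sections[header] = []
        elif header is not None:
            sections[header].append(line.strip())
    return sections

def audit_vty_acl_rules(config):
    """Return (acl, rule) pairs on a VTY ACL that name no bound VPN instance."""
    sections = parse_sections(config)
    vpns = {m.group(1) for body in sections.values() for l in body
            if (m := re.match(r"ip binding vpn-instance (\S+)", l))}
    if not vpns:
        # No interface is in a VPN instance, so the case does not apply.
        return []
    vty_acls = {m.group(1) for hdr, body in sections.items()
                if hdr.startswith("user-interface vty") for l in body
                if (m := re.match(r"acl (?:ipv6 )?(\S+) inbound", l))}
    findings = []
    for hdr, body in sections.items():
        m = re.match(r"acl (?:name |number )?(\S+)", hdr)
        if m and m.group(1) in vty_acls:
            for rule in (r for r in body if r.startswith("rule")):
                vm = re.search(r"vpn-instance (\S+)", rule)
                if not vm or vm.group(1) not in vpns:
                    findings.append((m.group(1), rule))
    return findings
```

On the constructed sample, `audit_vty_acl_rules(SAMPLE_CONFIG)` reports rule 5 only, which is the kind of rule that showed no matched packets in step 4.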