To separate service traffic from management routes, the management interface of the CE6810 is bound to a VPN instance and a default route is added for that VPN instance.
After the SSH service for the VTY is globally enabled, users can remotely log in to the CE6810 through the management interface.
After an ACL is applied to the VTY, users can no longer log in to the CE6810 remotely.
The following information is displayed when you remotely log in to the switch using Xshell:
Info: The max number of VTY users is 5, and the number of current VTY users on line is 1.
Socket error Event: 32 Error: 10053.
Connection closing...Socket close.
Connection closed by foreign host.
Disconnected from remote host(192.168.200.5:22) at 09:25:25
1. Ping the management interface address of the CE6810 from the user terminal. The ping operation succeeds.
2. Remove the ACL from the VTY and log in to the switch remotely. The login succeeds.
3. Check whether the ACL permits the client address. The check result indicates that the ACL permits the client address.
4. Run the dis acl all command. The command output indicates that no packets have matched the ACL rules.
To apply an ACL to a VPN instance, you need to add VPN instance parameters when creating an ACL.
Add VPN instance parameters to the ACL:
acl name Permit_RemoteAccess_SouceIP
rule 5 permit ip vpn-instance ManageNet source 172.16.1.251 0
rule 10 permit ip vpn-instance ManageNet source 172.20.1.211 0
rule 15 permit ip vpn-instance ManageNet source 172.20.1.242 0
When the traffic of a service is sent through an interface that belongs to a VPN instance, VPN instance parameters need to be added to the configuration of that service. This applies to many services.
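An added example, not part of the original case and not Huawei tooling: a Python check that scans a saved configuration for the fault described above, an ACL applied to the VTY whose rules lack the VPN instance of the management interface. The sample configuration is constructed; the interface name MEth0/0/0, the `user-interface vty 0 4` and `acl ... inbound` lines, and the function names are assumptions.

```python
import re

# Constructed sample, not from the original case. Interface name and VTY lines
# are assumed; the ACL name, VPN instance and rule 10 are the page's.
SAMPLE = """\
interface MEth0/0/0
 ip binding vpn-instance ManageNet
#
acl name Permit_RemoteAccess_SouceIP
 rule 5 permit ip source 172.16.1.251 0
 rule 10 permit ip vpn-instance ManageNet source 172.20.1.211 0
#
user-interface vty 0 4
 acl Permit_RemoteAccess_SouceIP inbound
"""

def parse_sections(config):
    """Split a saved configuration into (header, [sub-commands]) views."""
    sections = []
    for line in config.splitlines():
        if line.strip() in ("", "#"):
            continue
        if not line.startswith(" "):
            sections.append((line.strip(), []))
        elif sections:
            sections[-1][1].append(line.strip())
    return sections

def audit_vty_acls(config, mgmt_interface):
    """List (acl, rule_id, vpn) for VTY ACL rules missing the management VPN instance."""
    sections = parse_sections(config)
    vpn = next((m.group(1) for head, body in sections
                if head.lower() == f"interface {mgmt_interface}".lower()
                for cmd in body
                if (m := re.match(r"ip binding vpn-instance (\S+)", cmd))), None)
    if vpn is None:
        return []  # management interface is not bound to a VPN instance
    acls = {m.group(1): body for head, body in sections
            if (m := re.match(r"acl (?:name |number )?(\S+)", head))}
    findings = []
    for head, body in sections:
        if not head.startswith("user-interface vty"):
            continue
        for cmd in body:
            applied = re.match(r"acl (\S+) inbound", cmd)
            for rule in acls.get(applied.group(1), []) if applied else []:
                rid = re.match(r"rule (\d+) ", rule)
                if rid and f"vpn-instance {vpn} " not in rule + " ":
                    findings.append((applied.group(1), int(rid.group(1)), vpn))
    return findings
```

Calling `audit_vty_acls(SAMPLE, "MEth0/0/0")` reports rule 5, which has no VPN instance parameter; with the rules written as in the solution above, the list is empty.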