F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Getting Started Command Reference-6PW100

inbound: Restricts Telnet or SSH connections established in the inbound direction through the VTY user
interface. If the received packets for establishing a Telnet or SSH connection are permitted by an ACL rule,
the connection is allowed to be established. When the device functions as a Telnet server or SSH server,
use this keyword to control access of Telnet clients or SSH clients.
outbound: Restricts Telnet connections established in the outbound direction through the VTY user
interface. If the packets sent for establishing a Telnet connection are permitted by an ACL rule, the
connection is allowed to be established. When the device functions as a Telnet client, use this keyword
to define Telnet servers accessible to the client.
Usage guidelines
If no ACL is referenced in VTY user interface view, the VTY user interface has no access control over
establishing a Telnet or SSH connection.
If an ACL is referenced in VTY user interface view, the connection is permitted to be established only
when packets for establishing a Telnet or SSH connection match a permit statement in the ACL.
The system regards the basic/advanced ACL with the inbound keyword, the basic/advanced ACL with
the outbound keyword, and Ethernet frame header ACL as different types of ACLs, which can coexist in
one VTY user interface. The match order is basic/advanced ACL, Ethernet frame header ACL. At most
one ACL of each type can be referenced in the same VTY user interface, and the last configured one
takes effect.
For more information about ACL, see Access Control Configuration Guide.
Examples
# Allow only the user with the IP address of 192.168.1.26 to access the device through Telnet or SSH.
<Sysname> system-view
[Sysname] acl number 2001
[Sysname-acl-basic-2001] rule permit source 192.168.1.26 0
[Sysname-acl-basic-2001] quit
[Sysname] user-interface vty 0
[Sysname-ui-vty0] acl 2001 inbound
After the configuration, user A (with the IP address 192.168.1.26) can Telnet to the device, but user B (with the IP address 192.168.1.60) cannot. Upon a connection failure, a message appears: "%connection closed by remote host!"
# Allow the device to only Telnet to the Telnet server with IP address 192.168.1.41.
<Sysname> system-view
[Sysname] acl number 3001
[Sysname-acl-adv-3001] rule permit tcp destination 192.168.1.41 0
[Sysname-acl-adv-3001] quit
[Sysname] user-interface vty 0 4
[Sysname-ui-vty0-4] acl 3001 outbound
[Sysname-ui-vty0-4] return
<Sysname>
After your configuration, if you Telnet to 192.168.1.46, your operation fails.
<Sysname> telnet 192.168.1.46
%Can't access the host from this terminal!
But you can Telnet to 192.168.1.41.
<Sysname> telnet 192.168.1.41
Trying 192.168.1.41 ...