R3721-F3210-F3171-HP High-End Firewalls Getting Started Command Reference-6PW101

The system regards the basic/advanced ACL with the inbound keyword, the basic/advanced ACL with

the outbound keyword, and Ethernet frame header ACL as different types of ACLs, which can coexist in

one VTY user interface. The match order is basic/advanced ACL, Ethernet frame header ACL. At most

one ACL of each type can be referenced in the same VTY user interface, and the last configured one

takes effect.

Examples

# Allow only the user with the IP address of 192.168.1.26 to access the device through Telnet or SSH.

<Sysname> system-view

[Sysname] acl number 2001

[Sysname-acl-basic-2001] rule permit source 192.168.1.26 0

[Sysname-acl-basic-2001] quit

[Sysname] user-interface vty 0

[Sysname-ui-vty0] acl 2001 inbound

After your configuration, user A (with IP address 192.168.1.26) can telnet to the device while user B (with

IP address 192.168.1.60) cannot telnet to the device. Upon a connection failure, a message appears,

saying "%connection closed by remote host!"

# Allow the device to only telnet to the Telnet server with IP address 192.168.1.41.

<Sysname> system-view

[Sysname] acl number 3001

[Sysname-acl-adv-3001] rule permit tcp destination 192.168.1.41 0

[Sysname-acl-adv-3001] quit

[Sysname] user-interface vty 0 4

[Sysname-ui-vty0-4] acl 3001 outbound

[Sysname-ui-vty0-4] return

After your configuration, if you telnet to 192.168.1.46, your operation fails.

<Sysname> telnet 192.168.1.46

%Can't access the host from this terminal!

But you can telnet to 192.168.1.41.

<Sysname> telnet 192.168.1.41

Trying 192.168.1.41 ...

Press CTRL+K to abort

Connected to 192.168.1.41 ...

free web-users

Syntax

free web-users { all | user-id user-id | user-name user-name }

View

User view

Default level

2: System level

Parameters

all: Specifies all web users.