R3303-HP HSR6800 Routers Fundamentals Command Reference

Usage guidelines
If no ACL is referenced in VTY user interface view, the device applies no access control to Telnet or SSH
connections on that VTY user interface.
If an ACL is referenced in VTY user interface view, a Telnet or SSH connection can be established only
when the packets for establishing it match a permit statement in the ACL.
The system treats a basic/advanced ACL with the inbound keyword, a basic/advanced ACL with
the outbound keyword, and an Ethernet frame header ACL as different types of ACLs, which can coexist in
one VTY user interface. The match order is basic/advanced ACL, then Ethernet frame header ACL. At most
one ACL of each type can be referenced in the same VTY user interface, and the last configured one
takes effect.
For more information about ACLs, see ACL and QoS Command Reference.
Examples
# Allow only the user with the IP address of 192.168.1.26 to access the device through Telnet or SSH.
<Sysname> system-view
[Sysname] acl number 2001
[Sysname-acl-basic-2001] rule permit source 192.168.1.26 0
[Sysname-acl-basic-2001] quit
[Sysname] user-interface vty 0
[Sysname-ui-vty0] acl 2001 inbound
After the configuration, user A (with the IP address 192.168.1.26) can Telnet to the device, but user B (with
the IP address 192.168.1.60) cannot. Upon a connection failure, a message appears: "%connection
closed by remote host!"
# Allow the device to Telnet only to the Telnet server with IP address 192.168.1.41.
<Sysname> system-view
[Sysname] acl number 3001
[Sysname-acl-adv-3001] rule permit tcp destination 192.168.1.41 0
[Sysname-acl-adv-3001] quit
[Sysname] user-interface vty 0 4
[Sysname-ui-vty0-4] acl 3001 outbound
[Sysname-ui-vty0-4] return
<Sysname>
After your configuration, if you Telnet to 192.168.1.46, your operation fails.
<Sysname> telnet 192.168.1.46
%Can't access the host from this terminal!
But you can Telnet to 192.168.1.41.
<Sysname> telnet 192.168.1.41
Trying 192.168.1.41 ...
Press CTRL+K to abort
Connected to 192.168.1.41 ...
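An added example (not from the HP manual): a Python check that applies the usage guidelines above, one ACL per type per VTY with the last configured one taking effect, to a configuration listing and reports the VTY user interfaces left without a basic/advanced inbound ACL. The listing layout (view commands indented under the user-interface vty line), the function names, and the 4000-4999 number range for Ethernet frame header ACLs are assumptions; the sample input is constructed from the two examples on this page.

```python
import re

# Constructed sample: this page's two examples combined into one listing.
SAMPLE_CONFIG = """\
user-interface vty 0
 acl 2001 inbound
user-interface vty 0 4
 acl 3001 outbound
"""

VIEW_RE = re.compile(r"^user-interface vty (\d+)(?: (\d+))?\s*$")
ACL_RE = re.compile(r"^\s*acl (\d+) (inbound|outbound)\s*$")

def acl_type(number, direction):
    # Assumption: 4000-4999 are Ethernet frame header ACLs, which the page
    # treats as a type separate from basic/advanced inbound and outbound.
    if 4000 <= number <= 4999:
        return "ethernet-frame-header"
    return "basic/advanced " + direction

def effective_vty_acls(config_text):
    """Return {vty_number: {acl_type: acl_number}} for every VTY listed."""
    table, current = {}, []          # current: VTY numbers of the open view
    for line in config_text.splitlines():
        view = VIEW_RE.match(line)
        if view:
            first = int(view.group(1))
            current = list(range(first, int(view.group(2) or first) + 1))
            for vty in current:
                table.setdefault(vty, {})
            continue
        acl = ACL_RE.match(line)
        if acl and current:
            number, direction = int(acl.group(1)), acl.group(2)
            for vty in current:
                # One ACL per type: the last configured one takes effect.
                table[vty][acl_type(number, direction)] = number
        elif line and not line.startswith(" "):
            current = []             # another top-level view has started
    return table

def vtys_without_inbound_ip_acl(config_text):
    """VTYs with no basic/advanced inbound ACL (no source-IP filtering)."""
    return sorted(vty for vty, acls in effective_vty_acls(config_text).items()
                  if "basic/advanced inbound" not in acls)

if __name__ == "__main__":
    print("VTYs without an inbound ACL:",
          vtys_without_inbound_ip_acl(SAMPLE_CONFIG))
```

On the constructed sample, VTY 1 through 4 are reported: the outbound ACL 3001 covers them, but only VTY 0 references an inbound ACL.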
activation-key
Use activation-key to define a shortcut key for starting a terminal session.
Use undo activation-key to restore the default.