23
connection is established. When the device functions as a Telnet client, this keyword is
used to restrict the Telnet server that is allowed to access the device.
Description
Use the acl command to apply an Access Control List (ACL) for limiting the access
authority of the current user interface.
Use the undo acl command to remove the limit on the access authority of the user
interface. For more information about ACLs, see ACL in the ACL and QoS Command
Reference.
This command is available only in VTY view.
By default, the system does not restrict access rights of the VTY user interface.
If no ACL is configured on the VTY user interface, there is no access restriction on
the VTY user interface for establishing a Telnet or SSH connection
If an ACL is configured in VTY user interface, there are two possibilities: if the
packets for establishing a Telnet or SSH connection match the ACL rule, the
connection is permitted or denied according to the ACL rule; if not, the
connection is denied directly.
The system regards the basic/advanced ACL with the inbound keyword, the
basic/advanced ACL with the outbound keyword, WLAN ACL, and Layer 2 ACL as four
different types of ACLs, which can coexist in one VTY user interface. If there are
different types of ACLs in one VTY user interface, the matching order is WLAN ACL,
basic/advanced ACL, and Layer 2 ACL. In one VTY user interface, the number of ACL
of each type is one at most, and the latest configured one is valid.
NOTE:
Support for IPv6 depends on the AC model.
Examples
Example 1:
When users access the device through Telnet or SSH, only the user with the IP address of
192.168.1.26 can access the device; users with other IP addresses are not allowed to
access the device through this user interface.
<Sysname> system-view
[Sysname] acl number 2001
[Sysname-acl-basic-2001] rule permit source 192.168.1.26 0
[Sysname-acl-basic-2001] quit
[Sysname] user-interface vty 0
[Sysname-ui-vty0] acl 2001 inbound
To Next Page
Loading...
Need help?
General
