57
Controlling user logins
To harden device security, use ACLs to prevent unauthorized logins. For more information about ACLs,
see ACL and QoS Configuration Guide.
FIPS compliance
In Release 1118 and later versions, the device supports the FIPS mode that complies with NIST FIPS 140-2
requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS
mode. For more information about FIPS mode, see Security Configuration Guide.
Telnet and HTTP are not supported in FIPS mode.
Unless otherwise stated, the device is operating in non-FIPS mode in the following configuration
examples.
Controlling Telnet logins (not supported in FIPS
mode)
Use a basic ACL (2000 to 2999) to filter Telnet traffic by source IP address. Use an advanced ACL (3000
to 3999) to filter Telnet traffic by source and/or destination IP address. Use an Ethernet frame header
ACL (4000 to 4999) to filter Telnet traffic by source MAC address.
To access the device, a Telnet user must match a permit statement in the ACL applied to the user interface.
Configuring source IP-based Telnet login control
Ste
Command
Remarks
1. Enter system view.
system-view N/A
2. Create a basic ACL and
enter its view, or enter the
view of an existing basic
ACL.
acl [ ipv6 ] number acl-number
[ name name ] [ match-order { config
| auto } ]
By default, no basic ACL exists.
To Next Page
Loading...
Need help?
General
