36
Controlling user access
Use ACLs to prevent unauthorized access and configure command authorization and accounting to
monitor and control user behavior. For more information about ACLs, see ACL and QoS
Configuration Guide.
FIPS compliance
The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for
features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more
information about FIPS mode, see Security Configuration Guide.
Telnet is not supported in FIPS mode.
Controlling Telnet/SSH logins
Use basic ACLs (2000 to 2999) to filter Telnet and SSH logins by source IP address. Use advanced
ACLs (3000 to 3999) to filter Telnet and SSH logins by source and/or destination IP address. Use
Ethernet frame header ACLs (4000 to 4999) to filter Telnet and SSH logins by source MAC address.
If an applied ACL does not exist or does not have any rules, no user login restriction is applied. If the
ACL exists and has rules, only users permitted by the ACL can access the device through Telnet or
SSH.
Configuration procedures
To control Telnet logins:
1. Enter system view.
system-view
N/A
2. Apply an ACL to filter
Telnet logins.
• telnet server acl acl-number
• telnet server ipv6 acl [ ipv6 ]
acl-number
By default, no ACL is used to filter
Telnet logins.
To control SSH logins:
1. Enter system view.
system-view
N/A
2. Apply an ACL
SSH logins.
• ssh server acl acl-number
• ssh server ipv6 acl [ ipv6 ]
acl-number
By default, no ACL is used to filter
SSH logins.
For more information about these
two commands, see Security
Command Reference.
Configuration example
Network requirements
As shown in Figure 15, the device is a Telnet server.
To Next Page
Loading...
Need help?
General