Operation Manual - QoS/ACL
Quidway S6500 Series Ethernet Switches Chapter 3 ACL Configuration
Huawei Technologies Proprietary
3-1
Chapter 3 ACL Configuration
3.1 Overview
Security problems draw more and more attentions with increasingly extensive
application of Ethernet switches. Currently Ethernet switches support three major
access modes: SNMP (Simple Network Management Protocol) access, Telnet access
and HTTP (Hypertext Transfer Protocol) access. Security control is achieved at two
levels: Connection request control is achieved at the first level and appropriate ACL
configuration ensures that only legal users can be connected to the switch. Password
authentication is achieved at the second level and only those connected, with correct
passwords, can log successfully onto the switch
Here the first level security control, ACL configuration, is detailed only. See the
Configuration Manual – Getting Started for the second level control.
3.2 Configuring ACL for Telnet Users
This configuration can filter out malicious or illegal connection request before password
authentication.
Two steps are included in this configuration:
1) Define an ACL
2) Import the ACL to control Telnet users
3.2.1 Defining ACL
Currently only number-based ACLs can be imported, with the number ranging from
2000 to 3999.
Please perform the following configurations in system view.
Table 3-1 Defining basic ACL
Operation Command
Enter basic ACL
(system view)
acl { number acl-number | name acl-name basic }
match-order { config | auto }
Define a sub-rule (basic
ACL view)
rule [ rule-id ] { permit | deny } [ source source-addr
wildcard | any ] [ fragment ] [ time-range name ]
Delete a sub-rule (basic
ACL view)
undo rule rule-id [ source ] [ fragment ] [ time-range ]
To Next Page
Loading...
Need help?
General
