- The models listed in this document are not applicable to all regions. Please consult your local sales office for the models applicable to your region.
- Support of the H3C WA series WLAN access points (APs) for commands may vary by AP model. For more information, see Feature Matrix.
- The interface types and the number of interfaces vary by AP model.
1 Commands for Controlling Login Users
acl (in user interface view)
Syntax
- For basic and advanced ACLs:
acl [ ipv6 ] acl-number { inbound | outbound }
undo acl [ ipv6 ] acl-number { inbound | outbound }
- For WLAN and Layer 2 ACLs:
acl acl-number inbound
undo acl acl-number inbound
View
VTY user interface view
Default Level
2: System level
Parameters
ipv6: When this keyword is present, the command supports IPv6; otherwise, it supports IPv4.
acl-number: Number of the access control list, which must be in one of the following ranges:
- 100 to 199 for WLAN ACLs
- 2000 to 2999 for basic ACLs
- 3000 to 3999 for advanced ACLs
- 4000 to 4999 for Layer 2 ACLs
inbound: Restricts the Telnet connection established by using the VTY user interface. If the packets received for establishing a Telnet connection match the ACL rule, the connection will be established. When the device functions as a Telnet server, this keyword is used to restrict the Telnet client.
outbound: Restricts the Telnet connection established by using the VTY user interface. If the packets sent for establishing a Telnet connection match the ACL rule, the connection will be established. When the device functions as a Telnet client, this keyword is used to restrict the Telnet server that is allowed to access the device.
Description
Use the acl command to reference an ACL to control dial-in or dial-out of the current users.
Use the undo acl command to remove the ACL.
For more information about ACLs, see ACL in the ACL and QoS Command Reference.
By default, dial-in and dial-out of VTY users are not restricted.
- If no ACL is configured on the VTY user interface, there is no access restriction on the VTY user interface for establishing a Telnet connection.
- If an ACL is configured on the VTY user interface, there are two possibilities: if the packets for establishing a Telnet connection match the ACL rule, the connection is permitted or denied according to the ACL rule; if not, the connection is denied directly.
The system regards the basic/advanced ACL with the inbound keyword, the basic/advanced ACL with the outbound keyword, the WLAN ACL, and the Layer 2 ACL as four different types of ACLs, which can coexist in one VTY user interface. If there are different types of ACLs in one VTY user interface, the matching order is WLAN ACL, basic/advanced ACL, and Layer 2 ACL. One VTY user interface can have at most one ACL of each type, and the most recently configured one takes effect.
Examples
# When users access the device through Telnet, only the user with the IP address of 192.168.1.26 can access the device; users with other IP addresses are not allowed to access the device through this user interface.
<Sysname> system-view
[Sysname] acl number 2001
[Sysname-acl-basic-2001] rule permit source 192.168.1.26 0
[Sysname-acl-basic-2001] quit
[Sysname] user-interface vty 0
[Sysname-ui-vty0] acl 2001 inbound
# When users access the wireless access point (AP) or access controller (AC) through a wireless AP by using user interface VTY 0, the users' call-in authority is restricted: only the wireless user with the SSID of Admin can access the device through VTY 0.
<Sysname> system-view
[Sysname] acl number 100
[Sysname-acl-wlan-100] rule permit ssid Admin
[Sysname-acl-wlan-100] quit
[Sysname] user-interface vty 0
[Sysname-ui-vty0] acl 100 inbound
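The Description above says a VTY user interface without an ACL is unrestricted and that each of the four ACL types holds at most one ACL. The following added example (not part of the H3C documentation) audits a configuration text for VTY interfaces left without an inbound ACL and for ACL references that violate the number ranges or keyword rules given on this page. Assumptions: the configuration layout (indented `acl` lines under a `user-interface vty` header, including a first-to-last range form), the function names, and treating the `ipv6` keyword as the same type as its IPv4 counterpart.

```python
import re

# ACL number ranges from the Parameters section of this page.
RANGES = {"wlan": range(100, 200), "basic": range(2000, 3000),
          "advanced": range(3000, 4000), "layer2": range(4000, 5000)}

def slot(number, direction):
    """Return which of the four coexisting ACL types this is, or None if invalid."""
    kind = next((k for k, r in RANGES.items() if number in r), None)
    if kind in ("wlan", "layer2"):
        return kind if direction == "inbound" else None  # inbound keyword only
    return "ip-" + direction if kind in ("basic", "advanced") else None

def audit(config):
    """Return ({vty: {slot: acl-number}}, [findings]) for a configuration text."""
    vtys, findings, current = {}, [], []
    for line in config.splitlines():
        head = re.fullmatch(r"user-interface vty (\d+)(?: (\d+))?", line.strip())
        ref = re.fullmatch(r"acl (?:ipv6 )?(\d+) (inbound|outbound)", line.strip())
        if head:
            current = list(range(int(head[1]), int(head[2] or head[1]) + 1))
            vtys.update({n: vtys.get(n, {}) for n in current})
        elif not line.startswith(" "):
            current = []  # any other top-level line closes the VTY section
        elif ref:
            kind = slot(int(ref[1]), ref[2])
            for n in current:
                if kind:
                    vtys[n][kind] = int(ref[1])  # one ACL per type: the latest wins
                else:
                    findings.append(f"vty {n}: acl {ref[1]} {ref[2]} is not a valid reference")
    for n, slots in sorted(vtys.items()):
        if not slots.keys() & {"ip-inbound", "wlan", "layer2"}:
            findings.append(f"vty {n}: no inbound ACL, inbound Telnet is unrestricted")
    return vtys, findings

# Constructed sample; the layout (indented lines under a header) is an assumption.
SAMPLE = """\
user-interface vty 0
 acl 2001 inbound
 acl 3001 inbound
 acl 100 inbound
user-interface vty 1
 acl 4001 outbound
user-interface vty 2 4
 acl 2001 outbound
"""

print("\n".join(audit(SAMPLE)[1]))
```

On the sample, VTY 0 ends up with ACL 3001 in the basic/advanced inbound type (replacing 2001) alongside WLAN ACL 100, while VTY 1 through 4 are reported because none has an inbound ACL.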