HP 6125G HP 6125G & 6125G/XG Blade Switches Fundamentals Configuration - Page 71

Controlling user logins To harden device security, use ACLs to prevent unauthorized logins. For more information about ACLs, see ACL and QoS Configuration Guide. Controlling Telnet logins Use a basic ACL (2000 to 2999) to filter Telnet traffic by source IP address. Use an advanced ACL (3000 to 3999) to filter Telnet traffic by source and/or destination IP address. Use an Ethernet frame header ACL (4000 to 4999) to filter Telnet traffic by source MAC address. To access the device, a Telnet user must match a permit statement in the ACL applied to the user interface. Configuring source IP-based Telnet login control Step 1. Enter system view. 2. Create a basic ACL and enter its view, or enter the view of an existing basic ACL. Command system-view acl [ ipv6 ] number acl-number [ match-order { config | auto } ] Remarks N/A By default, no basic ACL exists. 3. Configure an ACL rule. rule [ rule-id ] { permit | deny } [ source { sour-addr sour-wildcard | any } | time-range time-name | fragment | logging ]* By default, a basic ACL does not contain any rule. 4. Exit the basic ACL view. quit N/A 5. Enter user interface view. user-interface [ type ] first-number [ last-number ] 6. Use the ACL to control user acl [ ipv6 ] acl-number { inbound | logins by source IP address. outbound } N/A • inbound: Filters incoming packets. • outbound: Filters outgoing packets. Configuring source/destination IP-based Telnet login control Step 1. Enter system view. 2. Create an advanced ACL and enter its view, or enter the view of an existing advanced ACL. Command system-view acl [ ipv6 ] number acl-number [ match-order { config | auto } ] 3. Configure an ACL rule. rule [ rule-id ] { permit | deny } rule-string Remarks N/A By default, no advanced ACL exists. N/A 65