3Com Switch 8800 Configuration Guide
Chapter 34 Logon User ACL Control Configuration
34-1
Chapter 34 Logon User ACL Control Configuration
34.1 Overview
As the Ethernet switches are used more and more widely over the networks, the
security issue becomes even more important. The switches provide several logon and
device accessing measures, mainly including TELNET access, SNMP access, and
HTTP access (currently the Switch 8800 does not support it). The security control over
the access measures is provided with the switches to prevent illegal users from logging
on to and accessing the devices. There are two levels of security controls. At the first
level, the user connection is controlled with ACL filter and only the legal users can be
connected to the switch. At the second level, a connected user can log on to the device
only if he can pass the password authentication.
This chapter mainly introduces how to configure the first level security control over
these access measures, that is, how to configure to filter the logon users with ACL. For
detailed description about how to configure the first level security, refer to “getting
started” module of Operation Manual.
34.2 Configuring ACL for Telnet Users
This configuration can filter out malicious or illegal connection request before password
authentication.
The following sections describe ACL configuration tasks.
z
Defining ACL
z
Importing ACL
34.2.1 Defining ACL
Currently number-based ACLs or advanced ACL can be imported, with the number
ranging from 2000 to 3999.
Perform the following configurations in system view.
Table 34-1
Define basic ACL and advanced ACL
Operation
Command
Enter basic ACL (system view)
acl
{
number acl
-
number
|
name
acl
-
name
basic
}
match-order
{
config
|
auto
}
Define a sub-rule (basic ACL
view)
rule
[
rule
-
id
] {
permit
|
deny
} [
source
source
-
addr
wildcard
|
any
] [
fragment
]
[
time-range
name
]