Allied Telesis AT-9000 Series User Manual: Restricting Remote Access

AT-9000 Switch Command Line User’s Guide, page 1189

Restricting Remote Access

You can access the switch remotely through the VTY lines. By default, remote
access is unrestricted through Telnet and the Web interfaces as well as
through the SNMP and SSH protocols. To control remote access through the
VTY lines, first create an ACL with the ACCESS-LIST command and then
assign it to the VTY lines with the ACCESS-CLASS command. ACCESS-CLASS is
similar to the ACCESS-GROUP command, which assigns an ACL to a port.
Note that the VTY lines carry Telnet and SSH terminal sessions; an ACL on
the VTY lines does not by itself restrict the Web interface or SNMP,
which do not use the VTY lines.

Each ACCESS-CLASS command assigns one ACL. Repeat the command to assign
multiple ACLs to the VTY lines, as the examples that follow show.

Allied Telesis recommends applying the ACLs to all ten VTY lines, because
the switch assigns an incoming session to a VTY line at random. Any line
left without the ACLs remains unrestricted, and a session that lands on it
bypasses the restriction.

For procedures that create ACLs with the ACCESS-LIST command and assign them to the VTY lines with the ACCESS-CLASS command, see the following:

“Assigning Numbered IP ACLs to VTY Lines” on page 1189

“Assigning MAC ACLs to VTY Lines” on page 1190

“Assigning Named IPv4 and IPv6 ACLs to VTY Lines” on page 1191

Assigning Numbered IP ACLs to VTY Lines

The following example creates two Numbered IP ACLs. The first ACL, with
an ID of 3000, permits sessions from the source IP address 10.0.0.3 full
access to the switch. The second ACL, with an ID of 3001, denies sessions
from all other IP addresses. Both ACLs are assigned to all ten VTY lines
with the ACCESS-CLASS command in the order in which the ACLs were created.
The ACLs are evaluated in that order, so the order matters: if ACL 3001
were assigned first, the deny-all entry would match every session,
including those from 10.0.0.3, and no remote access would remain. With the
order shown, only IP address 10.0.0.3 has remote access to the switch.
See Table 136.
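The two failure modes the text warns about, ACL order and incomplete VTY line coverage, are easier to see in a small model. The following Python is an added example written for this page; it is not AT-9000 code and does not reproduce the switch's evaluation engine. It assumes first-match evaluation of the ACLs in assignment order, that a VTY line with no ACL assigned is unrestricted (the page's default), that a session matching no entry is also permitted (which is why the worked example ends with an explicit deny-all ACL), and ten VTY lines numbered 0 to 9. The switch, ACL and line assignments are constructed in the script.

```python
"""Constructed model of first-match ACL evaluation on VTY lines.

Added example for this page; it is not code from the AT-9000 or from
Allied Telesis. Assumptions are noted inline.
"""
import ipaddress
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class Acl:
    acl_id: int
    action: str  # "permit" or "deny"
    source: ipaddress.IPv4Network  # matched against the session's source address


NUM_VTY_LINES = 10  # assumption: ten VTY lines, numbered 0 to 9


def build_config(line_acls):
    """Map every VTY line to its ordered ACL list.

    Lines missing from line_acls get an empty list, i.e. they stay
    unrestricted (assumed default behaviour, per the page's description).
    """
    return {line: list(line_acls.get(line, [])) for line in range(NUM_VTY_LINES)}


def evaluate(acls, src):
    """First-match evaluation of an ordered ACL list against a source address.

    Assumption: no matching entry (or no ACL at all) means the session is
    permitted, so a restrictive policy needs an explicit deny-all entry last.
    """
    addr = ipaddress.ip_address(src)
    for acl in acls:
        if addr in acl.source:
            return acl.action == "permit"
    return True


def session_allowed(config, src, line):
    """Would a session from src be admitted on the given VTY line?"""
    return evaluate(config[line], src)


def open_lines(config, src):
    """VTY lines on which src would be admitted. The switch picks the line
    at random, so any non-empty result for an unwanted address is a hole."""
    return [line for line in range(NUM_VTY_LINES) if session_allowed(config, src, line)]


def simulate(config, src, attempts=20, seed=1):
    """Model random VTY line assignment; return how many attempts got in."""
    rng = random.Random(seed)
    return sum(
        session_allowed(config, src, rng.randrange(NUM_VTY_LINES))
        for _ in range(attempts)
    )


# Constructed ACLs mirroring the page's example: 3000 permits 10.0.0.3,
# 3001 denies everything.
ACL_3000 = Acl(3000, "permit", ipaddress.ip_network("10.0.0.3/32"))
ACL_3001 = Acl(3001, "deny", ipaddress.ip_network("0.0.0.0/0"))

# The page's configuration: both ACLs, permit first, on all ten lines.
FULL = build_config({line: [ACL_3000, ACL_3001] for line in range(NUM_VTY_LINES)})

# Wrong order: the deny-all is evaluated first and shadows the permit.
REVERSED = build_config({line: [ACL_3001, ACL_3000] for line in range(NUM_VTY_LINES)})

# Incomplete coverage: only lines 0 to 4 carry the ACLs.
PARTIAL = build_config({line: [ACL_3000, ACL_3001] for line in range(5)})


if __name__ == "__main__":
    for name, cfg in (("full", FULL), ("reversed", REVERSED), ("partial", PARTIAL)):
        print(name, "10.0.0.3 ->", open_lines(cfg, "10.0.0.3"),
              "| 10.0.0.7 ->", open_lines(cfg, "10.0.0.7"))
```

In the full configuration only 10.0.0.3 gets in, on every line. In the reversed configuration nobody gets in, including the administrator at 10.0.0.3, which is the lock-out to check for before leaving the console. In the partial configuration an unwanted address is still admitted on lines 5 to 9, and `simulate` shows that random line assignment turns that into intermittent success for the attacker rather than a clean denial.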

Table 136. Assigning Numbered IP ACLs to VTY Lines Example

Command                                       Description
awplus> enable                                Enter the Privileged Executive mode from the User Executive mode.
awplus# configure terminal                    Enter the Global Configuration mode.
awplus(config)# interface vlan10              Enter the VLAN Interface mode for VLAN 10.
awplus(config_if)# ip address 10.0.0.20/24    Assign VLAN 10 the IP address and subnet mask 10.0.0.20/24.
awplus(config_if)# q                          Quit the VLAN Interface mode.
