
H3C Technologies H3C SecPath F1000-E User Manual


| To do… | Use the command… | Remarks |
| --- | --- | --- |
| Configure user’s privilege level under the current user interface | user privilege level level | Optional. By default, users logging in through console port have a privilege level of 3; users logging in through other user interfaces have a privilege level of 0. |

NOTE:

For more information about user levels, see Basic System Configuration in the System Volume.

The user privilege level can be configured under a user interface or by setting AAA authentication parameters, and which configuration mode takes effect depends on the authentication mode at user login. For more information, see Basic System Configuration in the System Volume.

Configuring Access Restriction on VTY User Interfaces

You can restrict access to the VTY user interface by referencing an ACL. For more information about ACL, see ACL Configuration in the Firewall Web Configuration Manual.

If no ACL is referenced on the VTY user interface, the VTY user interface has no access control over establishing a Telnet or SSH connection.

If an ACL is referenced on the VTY user interface, the connection is permitted to be established only when packets for establishing a Telnet or SSH connection match a permit statement in the ACL. If the packets match a deny statement or do not match any rule, the connection is denied.

Follow these steps to control access to VTY user interfaces:

| To do… | Use the command… | Remarks |
| --- | --- | --- |
| Enter system view | system-view | –– |
| Enter VTY user interface view | user-interface { first-num1 [ last-num1 ] \| vty first-num2 [ last-num2 ] } | –– |
| Control access to the VTY user interface by referencing basic/advanced ACL | acl [ ipv6 ] acl-number { inbound \| outbound } | Required. Use either command. No access control is set by default. |
| Control access to the VTY user interface by referencing Ethernet frame header ACL | acl acl-number inbound | Required. Use either command. No access control is set by default. |

NOTE:

The system regards the basic/advanced ACL with the inbound keyword, the basic/advanced ACL with the outbound keyword, and Ethernet frame header ACL as three different types of ACLs, which can coexist in one VTY user interface. If different types of ACLs are in one VTY user interface, the match order is basic/advanced ACL and Ethernet frame header ACL. On the same VTY user interface, at most one ACL of each type can be referenced, and the last configured one takes effect.
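
The following audit script is an added example, not part of the H3C manual: it scans configuration text for VTY user interface views and reports which ones reference no inbound ACL, the state in which no access control applies to Telnet or SSH connection setup. The sample configuration, its ACL numbers and the function names are constructed for illustration, and the script assumes the indented view layout shown in the sample; it does not distinguish an Ethernet frame header ACL from a basic/advanced one, because both use the same acl acl-number inbound form.

```python
import re

# Constructed sample in the style of a saved configuration (not from the manual).
SAMPLE_CONFIG = """\
user-interface con 0
user-interface vty 0 4
 acl 2000 inbound
 acl 2001 inbound
 acl ipv6 2005 inbound
 authentication-mode scheme
user-interface vty 5 9
 authentication-mode scheme
 acl 3000 outbound
"""

UI_RE = re.compile(r"^user-interface\s+vty\s+(\d+)(?:\s+(\d+))?\s*$")
ACL_RE = re.compile(r"^\s+acl\s+(ipv6\s+)?(\d+)\s+(inbound|outbound)\s*$")

def audit_vty(config_text):
    """Return {(first, last): {(family, direction): acl_number}} per VTY view."""
    blocks, current = {}, None
    for line in config_text.splitlines():
        if not line.startswith((" ", "\t")):   # an unindented line opens a new view
            m = UI_RE.match(line)
            current = None
            if m:
                first = int(m.group(1))
                last = int(m.group(2) or first)
                current = blocks.setdefault((first, last), {})
            continue
        m = ACL_RE.match(line)
        if m and current is not None:
            family = "ipv6" if m.group(1) else "ipv4"
            # A later line of the same kind overwrites the earlier one,
            # mirroring "the last configured one takes effect".
            current[(family, m.group(3))] = int(m.group(2))
    return blocks

def unrestricted_vty(config_text):
    """VTY ranges that reference no inbound ACL at all."""
    return [rng for rng, acls in audit_vty(config_text).items()
            if not any(direction == "inbound" for _, direction in acls)]

if __name__ == "__main__":
    for rng, acls in audit_vty(SAMPLE_CONFIG).items():
        print(rng, acls or "no ACL referenced")
    print("no inbound ACL:", unrestricted_vty(SAMPLE_CONFIG))
```
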