Allied Telesis AT-9000/12POE Switch User Manual


 
AT-9000 Switch Command Line User’s Guide
Restricting Remote Access
You can access the switch remotely through the VTY lines. By default, remote
access through Telnet, the web interface, SNMP and SSH is unrestricted. You
restrict remote access by assigning ACLs to the VTY lines: first create the
ACL (for example with the ACCESS-LIST command), then use the ACCESS-CLASS
command to assign it to the VTY lines. ACCESS-CLASS is the VTY-line
counterpart of the ACCESS-GROUP command, which assigns an ACL to a port.
Each ACCESS-CLASS command assigns one ACL. To assign several ACLs to the
VTY lines, enter the command once per ACL, as shown in the examples that
follow. The order of assignment matters: in the examples, an ACL that permits
the management host is assigned before an ACL that denies everyone else.
Allied Telesis recommends assigning the ACLs to all ten VTY lines because the
switch assigns incoming sessions to VTY lines at random. An ACL assigned to
only some of the lines leaves the remaining lines unrestricted, so a host that
should be blocked can still reach the switch whenever it is given one of the
unprotected lines.
For procedures that use the ACCESS-LIST command, see the following:
“Assigning Numbered IP ACLs to VTY Lines” on page 1189
“Assigning MAC ACLs to VTY Lines” on page 1190
“Assigning Named IPv4 and IPv6 ACLs to VTY Lines” on page 1191
Assigning Numbered IP ACLs to VTY Lines
The following example creates two Numbered IP ACLs. The first ACL, with an
ID of 3000, permits IP address 10.0.0.3 full access to the switch. The second
ACL, with an ID of 3001, denies access to all IP addresses. Both ACLs are
assigned to all ten VTY lines with the ACCESS-CLASS command, in the order in
which they were created, so the permit ACL is evaluated before the deny ACL.
The result is that only IP address 10.0.0.3 has remote access to the switch.
See Table 136.
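The ordering rule and the all-ten-lines warning above are easier to reason about with a small model. The following Python block is an added example, not code from the Allied Telesis guide: it models first-match evaluation of numbered IP ACLs bound to VTY lines, reproduces the page's scenario (ACL 3000 permits 10.0.0.3, ACL 3001 denies all) and then audits two misconfigurations the text warns against, assigning the deny ACL before the permit ACL and covering only five of the ten lines. The first-match rule, the "open when nothing matches" default, the line numbering 0 to 9, the data model and the probe address 192.0.2.1 are assumptions made for the example, not switch behaviour taken from the page.

```python
from __future__ import annotations

from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network


@dataclass(frozen=True)
class AclEntry:
    action: str            # "permit" or "deny"
    source: IPv4Network    # source prefix; 0.0.0.0/0 stands for "any"


@dataclass(frozen=True)
class NumberedAcl:
    acl_id: int
    entries: tuple[AclEntry, ...]

    def first_match(self, src: IPv4Address) -> str | None:
        """Action of the first entry whose source prefix contains src, or None
        if no entry in this ACL matches (assumed first-match semantics)."""
        for entry in self.entries:
            if src in entry.source:
                return entry.action
        return None


# The page says the switch has ten VTY lines; numbering them 0-9 is an assumption.
VTY_LINES = tuple(range(10))


def vty_decision(bound_acls, src: IPv4Address) -> str:
    """Evaluate the ACLs bound to one VTY line in the order they were assigned;
    the first ACL with a matching entry decides. If nothing matches (including
    when no ACL is bound at all), the line is treated as open, modelling the
    page's statement that remote access is unrestricted by default (assumption)."""
    for acl in bound_acls:
        action = acl.first_match(src)
        if action is not None:
            return action
    return "permit"


def reachable_lines(bindings, src: IPv4Address) -> frozenset[int]:
    """VTY lines on which src would be permitted. bindings maps a line number to
    the ordered ACLs assigned to it; unbound lines are open. Because the switch
    hands out VTY lines at random, any non-empty result means src can sometimes
    reach the switch."""
    return frozenset(line for line in VTY_LINES
                     if vty_decision(bindings.get(line, ()), src) == "permit")


def audit(bindings, allowed_hosts) -> list[str]:
    """Findings a reviewer would want: an allowed host blocked on some line
    (lockout risk) and lines that a host not on the allow list can still reach."""
    findings = []
    for host in allowed_hosts:
        blocked = sorted(set(VTY_LINES) - reachable_lines(bindings, host))
        if blocked:
            findings.append(f"{host} is blocked on VTY lines {blocked}")
    # Probe with an RFC 5737 documentation address that appears in no permit entry.
    probe = ip_address("192.0.2.1")
    open_lines = sorted(reachable_lines(bindings, probe))
    if open_lines:
        findings.append(f"unlisted hosts can reach VTY lines {open_lines}")
    return findings


# The page's example: ACL 3000 permits the management host, ACL 3001 denies all.
ACL_3000 = NumberedAcl(3000, (AclEntry("permit", ip_network("10.0.0.3/32")),))
ACL_3001 = NumberedAcl(3001, (AclEntry("deny", ip_network("0.0.0.0/0")),))
MGMT_HOST = ip_address("10.0.0.3")
OTHER_HOST = ip_address("10.0.0.99")   # constructed: any host other than 10.0.0.3


def page_example():
    """Both ACLs on all ten lines, in creation order (permit before deny)."""
    return {line: (ACL_3000, ACL_3001) for line in VTY_LINES}


def reversed_order():
    """Deny-all assigned first: the permit for 10.0.0.3 is never reached."""
    return {line: (ACL_3001, ACL_3000) for line in VTY_LINES}


def partial_coverage():
    """ACLs assigned to only five of the ten lines, against the page's advice."""
    return {line: (ACL_3000, ACL_3001) for line in range(5)}


if __name__ == "__main__":
    for name, bindings in [("page example", page_example()),
                           ("reversed order", reversed_order()),
                           ("partial coverage", partial_coverage())]:
        print(name, audit(bindings, [MGMT_HOST]) or ["ok"])
```

Running the block reports no findings for the page's configuration, a lockout of 10.0.0.3 on every line when the deny ACL is assigned first, and five lines open to any host when only lines 0 to 4 carry the ACLs. The audit is the check to run mentally before entering the ACCESS-CLASS commands: the permit for the management host must come first, and every line must end in a deny.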
Table 136. Assigning Numbered IP ACLs to VTY Lines Example

Command                                      Description
awplus> enable                               Enter the Privileged Executive mode from the User Executive mode.
awplus# configure terminal                   Enter the Global Configuration mode.
awplus(config)# interface vlan10             Enter the VLAN Interface mode for VLAN 10.
awplus(config_if)# ip address 10.0.0.20/24   Assign VLAN 10 the IP address and subnet mask 10.0.0.20/24.
awplus(config_if)# q                         Quit the VLAN Interface mode.