How to restrict telnet access

Objective
How to restrict telnet access
Environment
  • Summit
  • EXOS
Procedure
  • Restrict telnet access by creating and implementing an ACL policy.
  • Configure an ACL policy to permit or deny a specific list of IP addresses and subnet masks for the telnet port.
  • The two methods to load ACL policies to the switch are:
  1. Use the edit policy command to launch a vi-like editor on the switch. You can create the policy directly on the switch.
  2. Use the tftp command to transfer a policy that you created using a text editor on another system to the switch.
In the following example named MyAccessProfile.pol, the switch permits connections from the subnet 10.203.133.0/24 and denies connections from all other addresses:
 
MyAccessProfile.pol
Entry AllowTheseSubnets {
    if {
        source-address 10.203.133.0 /24;
    }
    then {
        permit;
    }
}

In the following example named MyAccessProfile.pol, the switch permits connections from the subnets 10.203.133.0/24 or 10.203.135.0/24 and denies connections from all other addresses:

 
MyAccessProfile.pol
Entry AllowTheseSubnets {
    if match any {
        source-address 10.203.133.0 /24;
        source-address 10.203.135.0 /24;
    }
    then {
        permit;
    }
}


In the following example named MyAccessProfile_2.pol, the switch does not permit connections from the subnet 10.203.133.0/24 but accepts connections from all other addresses:
 
MyAccessProfile_2.pol
Entry dontAllowTheseSubnets {
    if {
        source-address 10.203.133.0 /24;
    }
    then {
        deny;
    }
}
Entry AllowTheRest {
    if {
        ; #none specified
    }
    then {
        permit;
    }
}
 
  • To configure telnet to use an ACL policy to restrict access, type the command:
configure telnet {access-profile [<access_profile> | none]} {port <tcp_port_number>} {vr [<vr_name> | all | default]}
Additional notes
  • Use the none option to remove a previously configured ACL.  
  • In the ACL policy file for telnet, the source-address field is the only supported match condition. Any other match conditions are ignored.
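A pre-load check for such a policy file, as an added example (not part of the original article and not an Extreme tool): it parses the policy syntax shown above and reports whether a given source address would be permitted, so you can confirm your own management station is not locked out before applying the policy. It assumes entries are evaluated top to bottom with the first match winning, that a plain "if" means match all, and that an address matching no entry is denied; the test addresses are constructed.

```python
import ipaddress
import re

ENTRY_RE = re.compile(
    r"entry\s+(\w+)\s*\{\s*if\s*(?:match\s+(any|all)\s*)?\{(.*?)\}\s*then\s*\{(.*?)\}\s*\}",
    re.IGNORECASE | re.DOTALL)
ADDR_RE = re.compile(r"source-address\s+(\S+)\s*/\s*(\d+)$", re.IGNORECASE)

def parse_policy(text):
    """Return a list of (name, mode, networks, action, ignored_conditions)."""
    text = re.sub(r"#[^\n]*", "", text)            # strip '#' comments
    entries = []
    for name, mode, cond, then in ENTRY_RE.findall(text):
        nets, ignored = [], []
        for item in filter(None, (c.strip() for c in cond.split(";"))):
            m = ADDR_RE.match(item)
            if m:
                nets.append(ipaddress.ip_network(f"{m[1]}/{m[2]}"))
            else:
                ignored.append(item)   # only source-address is honoured for telnet
        action = then.replace(";", "").strip().lower()
        if action not in ("permit", "deny"):
            raise ValueError(f"entry {name}: unknown action {action!r}")
        entries.append((name, (mode or "all").lower(), nets, action, ignored))
    return entries

def decide(entries, src):
    """Assumed semantics: first matching entry wins; no match means deny."""
    ip = ipaddress.ip_address(src)
    for name, mode, nets, action, _ in entries:
        hits = [ip in n for n in nets]
        # An entry with no source-address condition matches every address.
        if not nets or (any(hits) if mode == "any" else all(hits)):
            return action, name
    return "deny", None

# The article's two-subnet MyAccessProfile.pol and MyAccessProfile_2.pol, compacted.
ALLOW_TWO = """Entry AllowTheseSubnets {
if match any { source-address 10.203.133.0 /24; source-address 10.203.135.0 /24; }
then { permit; } }"""
DENY_ONE = """Entry dontAllowTheseSubnets {
if { source-address 10.203.133.0 /24; } then { deny; } }
Entry AllowTheRest {
if { ; #none specified
} then { permit; } }"""

if __name__ == "__main__":
    for src in ("10.203.135.20", "192.0.2.7"):     # constructed test addresses
        print(src, decide(parse_policy(ALLOW_TWO), src))
```

Any condition returned in the ignored list is one the switch will not enforce for telnet, so a policy that relies on it is broader than it looks.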
