Administrator Guide

Terminal Lines
You can access the system remotely and restrict access to the system by creating user profiles.
Terminal lines on the system provide different means of accessing the system. The virtual terminal lines (VTYs) connect you through Telnet
to the system.
Denying and Permitting Access to a Terminal Line
Dell Networking recommends applying only standard access control lists (ACLs) to deny and permit access to VTY lines.
Layer 3 ACLs deny all traffic that is not explicitly permitted, but in the case of VTY lines, an ACL with no rules does not deny traffic.
You cannot use the show ip accounting access-list command to display the contents of an ACL that is applied only to a
VTY line.
When you use the access-class access-list-name command without specifying the ipv4 or ipv6 attribute, both IPv4 as
well as IPv6 rules that are defined in that ACL are applied to the terminal. This is a generic way of configuring access restrictions.
To be able to filter access exclusively using either IPv4 or IPv6 rules, you must use either the ipv4 or ipv6 attribute along with the
access-class access-list-name command. Depending on the attribute that you specify (ipv4 or ipv6), the ACL processes
either IPv4 or IPv6 rules, but not both. Using this configuration, you can set up two different types of access classes with each class
processing either IPv4 or IPv6 rules separately.
To apply an IP ACL to a line, use the following command.
Apply an ACL to a VTY line.
LINE mode
ip access-class access-list [ipv4 | ipv6]
NOTE: If you already have configured generic IP ACL on a terminal line, then you cannot further apply IPv4 or IPv6
specific filtering on top of this configuration. Similarly, if you have configured either IPv4 or IPv6 specific filtering on a
terminal line, you cannot apply generic IP ACL on top of this configuration. Before applying any of these configurations,
you must first undo the existing configuration using the no access-class access-list-name [ipv4 | ipv6]
command.
Example of an ACL that Permits Terminal Access
To view the configuration, use the show config command in LINE mode.
Dell(config-std-nacl)#show config
!
ip access-list standard myvtyacl
seq 5 permit host 10.11.0.1
Dell(config-std-nacl)#line vty 0
Dell(config-line-vty)#show config
line vty 0
access-class myvtyacl
Dell OS Behavior: Prior to Dell OS version 7.4.2.0, in order to deny access on a VTY line, apply an ACL and accounting, authentication, and
authorization (AAA) to the line. Then users are denied access only after they enter a username and password. Beginning in Dell OS version
7.4.2.0, only an ACL is required, and users are denied access before they are prompted for a username and password.
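The following Python script is an added example, not part of the Dell guide. It audits a saved configuration for the caveat above: an ACL with no rules does not deny traffic on a VTY line. It assumes the configuration is laid out like the show config output on this page; the function name, the sample configuration and the ACL names emptyacl and missingacl are constructed for illustration.

```python
import re

# Constructed sample; layout assumed to match the "show config" output above.
SAMPLE_CONFIG = """\
!
ip access-list standard myvtyacl
 seq 5 permit host 10.11.0.1
!
ip access-list standard emptyacl
!
line vty 0
 access-class myvtyacl
line vty 1
 access-class emptyacl ipv4
line vty 2
line vty 3
 access-class missingacl
"""

def audit_vty_acls(config_text):
    """Return {vty_number: finding} for VTY lines that no ACL rule restricts."""
    rule_count = {}   # ACL name -> number of "seq" rules defined
    applied = {}      # VTY number -> ACL names applied with access-class
    section = None    # ("acl", name), ("vty", number) or None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "!":
            section = None          # "!" separates configuration sections
        elif m := re.match(r"ip access-list \S+ (\S+)$", line):
            section = ("acl", m.group(1))
            rule_count.setdefault(m.group(1), 0)
        elif m := re.match(r"line vty (\d+)$", line):
            section = ("vty", int(m.group(1)))
            applied.setdefault(section[1], [])
        elif section and section[0] == "acl" and re.match(r"seq \d+ (permit|deny)\b", line):
            rule_count[section[1]] += 1
        elif section and section[0] == "vty" and (
                m := re.match(r"(?:ip )?access-class (\S+)(?: ipv[46])?$", line)):
            applied[section[1]].append(m.group(1))
    findings = {}
    for vty, acls in sorted(applied.items()):
        if not acls:
            findings[vty] = "no access-class applied"
        for name in acls:
            if name not in rule_count:
                findings[vty] = f"ACL {name} is not defined"
            elif rule_count[name] == 0:
                findings[vty] = f"ACL {name} has no rules, so it denies nothing"
    return findings
```

Calling audit_vty_acls(SAMPLE_CONFIG) reports VTY lines 1, 2 and 3; line 0, which applies myvtyacl with its single permit rule, is not reported.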
Configuring Login Authentication for Terminal Lines
You can use any combination of up to six authentication methods to authenticate a user on a terminal line.
A combination of authentication methods is called a method list. If the user fails the first authentication method, the system prompts the
next method until all methods are exhausted, at which point the connection is terminated. The available authentication methods are: