R21xx-HP FlexFabric 11900 Security Command Reference

ManualsBrandsHP ManualsNetwork HardwareHP FlexFabric 11000 Switch Products

121

122

123

124

125

126

127

128

129

130

119

Default

All IPv4 SSH clients are allowed to initiate connections to the device.

Views

System view

Predefined user roles

network-admin

Parameters

acl-number: Specifies an ACL by its number, in the range of 2000 to 4999.

Usage guidelines

Use this command to specify an ACL to filter the IPv4 SSH clients' request packets. The filtering process

is as follows:

• If an ACL is specified, only the IPv4 SSH clients that match the permit statement in this ACL can

access the device.

• If the specified ACL does not exist, or the ACL does not have any statement, all the IPv4 SSH clients

can access the device.

The ACL only filters new SSH connections after the configuration.

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Specify an ACL to only permit an IPv4 SSH client 1.1.1.1 to initiate the connection to the device.

<Sysname> system-view

[Sysname] acl number 2001

[Sysname-acl-basic-2001] rule permit source 1.1.1.1 0

[Sysname-acl-basic-2001] quit

[Sysname] ssh server acl 2001

Related commands

display ssh server

ssh server ipv6 acl

Use ssh server ipv6 acl to set an ACL for IPv6 SSH clients.

Use undo ssh server ipv6 acl to restore the default.

Syntax

ssh server ipv6 acl [ ipv6 ]acl-number

undo ssh server ipv6 acl

Default

All IPv6 SSH clients are allowed to initiate connections to the device.

Views

System view

Predefined user roles

network-admin