8.1.2 Login Control Overview
The Switch supports local login via a serial connection, and remote login using Telnet over an IPv4 or IPv6 network.
The following controls are implemented in the Switch when a user logs in and during a user session:
-
To prevent unauthorized access, a password check is performed at login, and restrictions based on the user ID are placed on the range of commands that the user can execute.
-
Users can log in to a Switch concurrently from multiple terminals.
-
The maximum number of users who can log in concurrently is 16. You can reduce this limit by using the line vty configuration command.
-
You can restrict the IPv4 and IPv6 addresses permitted to access the Switch by using the ip access-list standard, ipv6 access-list, access-list, ip access-group, and ipv6 access-class configuration commands.
-
You can limit the protocols used to access the Switch (Telnet and FTP) by using the transport input and ftp-server configuration commands.
-
Command execution results appear only on the terminal where the command was executed. Operation messages appear on all login terminals.
-
Entered commands, response messages, and operation messages are recorded as an operation log. The operation log can be viewed by using the show logging operation command.
-
The user is automatically logged out if there is no key input for a specified period (default: 60 minutes).
-
You can forcibly log out a user using the killuser operation command.