10.1.2 Login Control Overview

The Switch supports local login via a serial connection, and remote login using Telnet over an IPv4 or IPv6 network.

The following controls are implemented in the Switch when a user logs in and during a user session:

1. To prevent unauthorized access, a password check is performed at login, and restrictions based on the user ID are placed on the range of commands that the user can execute.

2. Users can log in to a Switch concurrently from multiple terminals.

3. The maximum number of users who can log in concurrently is 16. You can reduce this limit by using the line vty configuration command.

4. You can restrict the IPv4 and IPv6 addresses permitted to access the Switch by using the ip access-list standard, ipv6 access-list, access-list, ip access-group, and ipv6 access-class configuration commands.

5. You can limit the protocols used to access the Switch (Telnet and FTP) by using the transport input and ftp-server configuration commands.

6. Command execution results appear only on the terminal where the command was executed. Operation messages appear on all login terminals.

7. Entered commands, response messages, and operation messages are recorded as an operation log. The operation log can be viewed by using the show logging operation command.

8. The user is automatically logged out if there is no key input for a specified period (default: 60 minutes).

9. You can forcibly log out a user using the killuser operation command.