10.1.7 Setting IP to allow users to log in from a remote operation terminal

By setting their IP addresses, you can specify which remote operation terminals are allowed to log in to the Switch. After configuring settings, check whether other remote operation terminals are denied login to the Switch.

Points to note

To permit access to the Switch from only specific remote operation terminals, you must register their IP addresses in advance using the ip access-list standard, ipv6 access-list, access-list, ip access-group, or ipv6 access-class configuration command. You can register a maximum of 128 IPv4 addresses and subnet masks, or IPv6 addresses and prefixes. If you omit this setup, all remote operation terminals will be able to access the Switch.

Command examples (IPv4)

1. (config)# ip access-list standard REMOTE

   (config-std-nacl)# permit 192.168.0.0 0.0.0.255

   (config-std-nacl)# exit

   Sets the access list REMOTE, which permits login only from the network IP address 192.168.0.0/24.

2. (config)# line vty 0 2

   (config-line)# ip access-group REMOTE in

   (config-line)#

   Moves to line mode, applies the access list REMOTE, and permits login only from the network IP address 192.168.0.0/24.

Command examples (IPv6)

1. (config)# ipv6 access-list REMOTE6

   (config-ipv6-nacl)# permit ipv6 2001:db8:1::/64 any

   (config-ipv6-nacl)# exit

   Configures an access list REMOTE6 that allows users to log in only from the network (2001:db8:1::/64).

2. (config)# line vty 0 2

   (config-line)# ipv6 access-class REMOTE6 in

   (config-line)#

   Enters line mode, applies the access list REMOTE6, and allows only remote operation terminals located on thenetwork (2001:db8:1::/64) to log in.