Configuration Guide Vol. 1


10.1.7 Setting IP addresses to allow users to log in from a remote operation terminal

By registering the IP addresses of remote operation terminals, you can specify which terminals are allowed to log in to the Switch. After configuring the settings, check that login from other remote operation terminals is denied.

Points to note

To permit access to the Switch from only specific remote operation terminals, you must register their IP addresses in advance using the ip access-list standard, ipv6 access-list, access-list, ip access-group, or ipv6 access-class configuration command. You can register a maximum of 128 IPv4 addresses and subnet masks, or IPv6 addresses and prefixes. If you omit this setup, all remote operation terminals will be able to access the Switch. If access is attempted from a terminal that does not have access permission (a terminal not registered in the configuration entry), the message Unknown host address <IP address> will appear on other login terminals. Changing the IP addresses that are permitted to access the Switch will not terminate current user sessions.

Command examples (IPv4)

  1. (config)# ip access-list standard REMOTE
    (config-std-nacl)# permit 192.168.0.0 0.0.0.255
    (config-std-nacl)# exit

    Sets the access list REMOTE, which permits login only from the network IP address 192.168.0.0/24.

  2. (config)# line vty 0 2
    (config-line)# ip access-group REMOTE in
    (config-line)#

    Moves to line mode, applies the access list REMOTE, and permits login only from the network IP address 192.168.0.0/24.

Command examples (IPv6)

  1. (config)# ipv6 access-list REMOTE6
    (config-ipv6-nacl)# permit ipv6 3ffe:501:811:ff01::/64 any
    (config-ipv6-nacl)# exit

    Sets the access list REMOTE6, which permits login only from the network IP address 3ffe:501:811:ff01::/64.

  2. (config)# line vty 0 2
    (config-line)# ipv6 access-class REMOTE6 in
    (config-line)#

    Moves to line mode, applies the access list REMOTE6, and permits login only from the network IP address 3ffe:501:811:ff01::/64.
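
An offline check of the allow-lists above, as an added example that is not part of the original guide: it reads the permit lines in the two forms shown in the command examples and reports whether a given source address would be permitted, so you know which terminals to test for denial. The function names, the rejection of non-contiguous wildcard masks, and counting the 128-entry limit across both address families are assumptions of this example.

```python
import ipaddress

MAX_ENTRIES = 128  # limit from "Points to note"; applied to the total here (assumption)

# The page's two command examples, pasted with their CLI prompts.
SAMPLE = """\
(config)# ip access-list standard REMOTE
(config-std-nacl)# permit 192.168.0.0 0.0.0.255
(config-std-nacl)# exit
(config)# ipv6 access-list REMOTE6
(config-ipv6-nacl)# permit ipv6 3ffe:501:811:ff01::/64 any
(config-ipv6-nacl)# exit
"""

def parse_permits(config_text):
    """Collect the source networks named by 'permit' lines (page's two forms only)."""
    nets = []
    for line in config_text.splitlines():
        tok = line.split("#", 1)[-1].split()  # drop the "(config-...)#" prompt
        if len(tok) < 3 or tok[0] != "permit":
            continue
        if tok[1] == "ipv6":
            # permit ipv6 <source prefix> any
            nets.append(ipaddress.ip_network(tok[2], strict=False))
        else:
            # permit <address> <wildcard>: bits set in the wildcard are ignored
            wildcard = int(ipaddress.IPv4Address(tok[2]))
            if wildcard & (wildcard + 1):
                # Cannot be expressed as a prefix; this example rejects it.
                raise ValueError(f"non-contiguous wildcard mask: {tok[2]}")
            prefix = 32 - wildcard.bit_length()
            nets.append(ipaddress.ip_network(f"{tok[1]}/{prefix}", strict=False))
    if len(nets) > MAX_ENTRIES:
        raise ValueError(f"{len(nets)} entries exceeds the limit of {MAX_ENTRIES}")
    return nets

def is_permitted(source, nets):
    """True if source falls in a permitted network; unregistered sources are denied."""
    addr = ipaddress.ip_address(source)
    return any(addr.version == n.version and addr in n for n in nets)

if __name__ == "__main__":
    acl = parse_permits(SAMPLE)
    # Constructed test addresses: one inside and one outside each permitted network.
    for src in ("192.168.0.10", "192.168.1.10", "3ffe:501:811:ff01::1", "2001:db8::1"):
        print(src, "permit" if is_permitted(src, acl) else "deny")
```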