How to configure access control on an AR router

1. Control login to the device through HTTP.
Users can log in to the device through the web platform. The device cannot limit source addresses of users, which causes security risks. To ensure device security and prevent unauthorized users from using the web platform to log in to the device, an ACL can be used to allow specified users to log in to the device through HTTP.
a. Configure ACL 2000 to allow the device at 192.168.6.10 and devices on network segment 192.168.5.0 to log in to the device through HTTP.
b. Reference the ACL.
After the preceding configuration is completed, only the device at 192.168.6.10 and devices on network segment 192.168.5.0 are allowed to log in to the device through the web platform.
After the configuration, restricted users (those the ACL does not permit) can open the web platform page, but cannot access the web platform after entering the user name and password.

2. Configure a security policy to limit users' login through Telnet.
The route is reachable between the PC and the device, and users want to configure and manage remote devices easily. To meet the requirement, configure AAA authentication for Telnet users on the server and configure an ACL-based security policy. This ensures that only the users that meet the security policy can log in to the device.
a. Set the server port number and enable the server function.
<Huawei> system-view
[Huawei] sysname Telnet Server
[Telnet Server] telnet server enable
[Telnet Server] telnet server port 1025
b. Configure the parameters of VTY user interface.
# Configure the maximum number of VTY user interfaces.
[Telnet Server] user-interface maximum-vty 8
# Configure the host address allowed by the device.
[Telnet Server] acl 2001
[Telnet Server-acl-basic-2001] rule permit source 10.1.1.1 0
[Telnet Server-acl-basic-2001] quit
[Telnet Server] user-interface vty 0 7
[Telnet Server-ui-vty0-7] acl 2001 inbound
# Configure terminal attributes of the VTY user interface.
# Configure the user authentication mode for the VTY user interface.
[Telnet Server-ui-vty0-7] authentication-mode aaa
[Telnet Server-ui-vty0-7] quit
c. Configure information about login users.
# Set the authentication mode for login users.
[Telnet Server] aaa
[Telnet Server-aaa] local-user admin1234 password irreversible-cipher Helloworld@6789
[Telnet Server-aaa] local-user admin1234 service-type telnet
[Telnet Server-aaa] local-user admin1234 privilege level 3
[Telnet Server-aaa] quit
d. Log in to the client.
Access the Windows command line prompt interface of the administrator’s PC, and run commands to log in to the device through Telnet.
C:\Documents and Settings\Administrator> telnet 10.137.217.177 1025
Press Enter, and enter the configured user name and password in the login window. If authentication succeeds, the command line prompt is displayed in the user view, indicating that you have successfully logged in to the device.

Login authentication

Username:admin1234
Password:
After the configuration, restricted users (those the ACL does not permit) cannot log in to the device.
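
An added example, not part of the original page and not Huawei's own tooling: a Python check of which source addresses the basic ACLs in steps 1 and 2 admit, so the management PC can be confirmed as covered before an ACL is referenced. The ACL 2000 rule lines are constructed from step 1's description (a /24 wildcard for the 192.168.5.0 segment is assumed), and first-match ordering with rejection when no rule matches is an assumption about how the device applies a login ACL.

```python
import ipaddress
import re

# Constructed from step 1's description; the page does not show these commands,
# and the 0.0.0.255 wildcard for "network segment 192.168.5.0" is an assumption.
ACL_2000 = """
rule permit source 192.168.6.10 0
rule permit source 192.168.5.0 0.0.0.255
"""
# Rule line as shown in step 2.
ACL_2001 = "rule permit source 10.1.1.1 0"

RULE_RE = re.compile(r"rule\s+(permit|deny)\s+source\s+(\S+)\s+(\S+)")


def parse_acl(text):
    """Return [(action, address_int, wildcard_int), ...] in configured order."""
    rules = []
    for action, addr, wildcard in RULE_RE.findall(text):
        # A wildcard written as "0" means 0.0.0.0: match this one host only.
        wc = 0 if wildcard == "0" else int(ipaddress.IPv4Address(wildcard))
        rules.append((action, int(ipaddress.IPv4Address(addr)), wc))
    return rules


def addresses_matched(wildcard):
    """Number of source addresses one rule covers (2 ** ignored bits)."""
    return 2 ** bin(wildcard).count("1")


def check_login(rules, source):
    """Return 'permit' or 'deny' for a source address; first match wins."""
    src = int(ipaddress.IPv4Address(source))
    for action, addr, wc in rules:
        # Wildcard bits set to 1 are ignored; bits set to 0 must be equal.
        if ((src ^ addr) & ~wc & 0xFFFFFFFF) == 0:
            return action
    # Assumption: an ACL that contains rules rejects sources matching none.
    return "deny"


if __name__ == "__main__":
    for name, acl, hosts in [
        ("ACL 2000", ACL_2000, ["192.168.6.10", "192.168.5.77", "192.168.6.11"]),
        ("ACL 2001", ACL_2001, ["10.1.1.1", "10.1.1.2"]),
    ]:
        rules = parse_acl(acl)
        for host in hosts:
            print(f"{name}: {host} -> {check_login(rules, host)}")
```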
