How to prevent users from logging in to S series switches in any way except Telnet


S series switches (except S1700 switches) support multiple user access types. A user can log in to a switch only when the user access type is the same as the access type configured for the user on the switch. If you want to restrict the user access type to Telnet, run the local-user user-name service-type telnet command in the AAA view to set the access type to Telnet.
By default, a local user cannot use any access type.

Other related questions:
Prevent users failing RADIUS authentication from logging in to S series switches
Administrative users can log in to S series switches (except S1700 switches) after they pass the RADIUS authentication. Their user accounts are configured on the remote RADIUS server but not in the AAA view of a local switch. The methods of configuring switches to allow administrative users to log in after they pass the RADIUS authentication are similar.

How to prevent DHCP messages from being broadcast on S series switches
S series switches (except the S1700) can be configured with ACL rules to prevent broadcast DHCP messages on some interfaces. Assume that DHCP messages are not allowed on GE0/0/1. The configuration procedure is as follows:

1. Create advanced ACL 3001 and configure an ACL rule to prevent broadcast DHCP messages.
[Huawei] acl 3001
[Huawei-acl-adv-3001] rule deny udp destination-port eq 67 source-port eq 68 //Configure an ACL rule to prevent broadcast DHCP messages.
[Huawei-acl-adv-3001] quit

2. Configure a traffic classifier named tc1 to classify the packets that match ACL 3001.
[Huawei] traffic classifier tc1
[Huawei-classifier-tc1] if-match acl 3001
[Huawei-classifier-tc1] quit

3. Configure a traffic behavior named tb1 to prevent broadcast DHCP messages.
[Huawei] traffic behavior tb1
[Huawei-behavior-tb1] deny
[Huawei-behavior-tb1] quit

4. Define a traffic policy and associate the traffic classifier with the traffic behavior.
[Huawei] traffic policy tp1
[Huawei-trafficpolicy-tp1] classifier tc1 behavior tb1
[Huawei-trafficpolicy-tp1] quit

5. Apply the traffic policy to GE0/0/1.
[Huawei] interface gigabitethernet 0/0/1
[Huawei-GigabitEthernet0/0/1] traffic-policy tp1 inbound
[Huawei-GigabitEthernet0/0/1] quit
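
The five steps above only take effect if every link in the chain (interface, traffic policy, classifier and behavior, ACL rule) is present. The following is an added example, not Huawei's code, that checks a saved configuration for that chain on one interface. The function names and the SAMPLE text are hypothetical and constructed for illustration, and it assumes the saved configuration lists each section as an unindented header followed by indented sub-commands.

```python
import re

# Constructed sample modelled on the five steps above (not captured device output).
SAMPLE = """\
acl number 3001
 rule 5 deny udp destination-port eq 67 source-port eq 68
#
traffic classifier tc1
 if-match acl 3001
#
traffic behavior tb1
 deny
#
traffic policy tp1
 classifier tc1 behavior tb1
#
interface GigabitEthernet0/0/1
 traffic-policy tp1 inbound
"""

def sections(cfg):  # unindented line = section header, indented lines = its sub-commands
    out, cur = {}, []
    for line in cfg.splitlines():
        if line[:1].isspace():
            cur.append(line.strip())
        elif line.strip():
            cur = out.setdefault(line.strip(), [])
    return out

def cmds(sec, kind, name, rx=r".*"):
    # Regex matches among the sub-commands of section "<kind> <name> [options]".
    hdr = re.compile(kind + " " + re.escape(name) + r"(\s|$)")
    lines = next((v for h, v in sec.items() if hdr.match(h)), [])
    return [m for m in map(re.compile(rx).fullmatch, lines) if m]

def is_dhcp_deny(rule):
    # Assumed: ports shown as 67/68 or as the names bootps/bootpc.
    dst, src = r"destination-port eq (67|bootps)\b", r"source-port eq (68|bootpc)\b"
    return all(re.search(p, rule) for p in (r"\bdeny udp\b", dst, src))

def dhcp_blocked(cfg, interface):
    sec = sections(cfg)
    for pol in cmds(sec, "interface", interface, r"traffic-policy (\S+) inbound"):
        for cb in cmds(sec, "traffic policy", pol[1], r"classifier (\S+) behavior (\S+).*"):
            acls = cmds(sec, "traffic classifier", cb[1], r"if-match acl (\S+)")
            rules = [m[0] for a in acls for m in cmds(sec, "acl( number)?", a[1])]
            if cmds(sec, "traffic behavior", cb[2], "deny") and any(map(is_dhcp_deny, rules)):
                return True
    return False
```

Calling dhcp_blocked(text, "GigabitEthernet0/0/1") returns False when the policy was never applied to the interface or when the classifier points at an ACL that does not exist, which are the gaps most easily missed when the steps are entered by hand.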
