Limit server access rights to only remote desktop connections on S series switches


The TCP port number of the Windows remote desktop is 3389. For S series switches (except S1700 switches), to limit server access rights to remote desktop connections, perform the following configuration (assume that the server address is 10.1.1.1/24 and GE1/0/1 is used to connect to the user side):
1. Create a traffic classifier c1. Configure a traffic classification rule to match packets with the destination IP address 10.1.1.1 and the destination TCP port number 3389.
[Switch] acl number 3000
[Switch-acl-adv-3000] rule permit tcp destination 10.1.1.1 0 destination-port eq 3389 //Allow users to connect to the remote desktop on the server.
[Switch-acl-adv-3000] rule deny tcp destination 10.1.1.1 0 //Prevent users from accessing other applications on the server.
[Switch-acl-adv-3000] quit
[Switch] traffic classifier c1
[Switch-classifier-c1] if-match acl 3000
[Switch-classifier-c1] quit
2. Create a traffic behavior b1 and set the action to permit.
[Switch] traffic behavior b1
[Switch-behavior-b1] permit
[Switch-behavior-b1] quit
3. Create a traffic policy p1 and bind the traffic classifier and traffic behavior to the traffic policy.
[Switch] traffic policy p1
[Switch-trafficpolicy-p1] classifier c1 behavior b1
[Switch-trafficpolicy-p1] quit
4. Apply the traffic policy p1 on GE1/0/1 in the inbound direction.
[Switch] interface gigabitethernet 1/0/1
[Switch-GigabitEthernet1/0/1] traffic-policy p1 inbound
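
The following Python model is an added example, not part of the original answer and not Huawei tooling. It replays ACL 3000 from step 1 against constructed sample packets to show which traffic to 10.1.1.1 is forwarded, dropped, or left unmatched by the policy. It assumes rules are evaluated in configured order and that a deny rule in the classifier's ACL discards the packet even though behavior b1 is permit; ACL_STRICT is a constructed variant for comparison.

```python
import ipaddress

# ACL 3000 exactly as configured above; rules are evaluated in this order.
ACL_3000 = [
    "rule permit tcp destination 10.1.1.1 0 destination-port eq 3389",
    "rule deny tcp destination 10.1.1.1 0",
]
# Constructed variant (not from the page): second rule widened from tcp to ip.
ACL_STRICT = [ACL_3000[0], "rule deny ip destination 10.1.1.1 0"]

def to_int(addr):
    # A wildcard may be written as "0" (exact host) or dotted, e.g. 0.0.0.255.
    return int(addr) if addr.isdigit() else int(ipaddress.IPv4Address(addr))

def parse_rule(line):
    """Parse the subset of advanced-ACL rule syntax used on this page."""
    tok = line.split()
    rule = {"action": tok[1], "proto": tok[2], "dst": None, "wild": 0, "port": None}
    i = 3
    while i < len(tok):
        if tok[i] == "destination":
            rule["dst"], rule["wild"] = to_int(tok[i + 1]), to_int(tok[i + 2])
        elif tok[i] == "destination-port" and tok[i + 1] == "eq":
            rule["port"] = int(tok[i + 2])
        else:
            raise ValueError("unsupported token: " + tok[i])
        i += 3
    return rule

def matches(rule, proto, dst_ip, dst_port):
    if rule["proto"] not in ("ip", proto):      # "ip" matches every protocol
        return False
    care = ~rule["wild"] & 0xFFFFFFFF           # wildcard bit 1 means "ignore"
    if rule["dst"] is not None and (to_int(dst_ip) ^ rule["dst"]) & care:
        return False
    return rule["port"] is None or rule["port"] == dst_port

def verdict(proto, dst_ip, dst_port=None, acl=ACL_3000):
    """Outcome for a packet arriving on GE1/0/1 under policy p1 (behavior permit)."""
    for rule in map(parse_rule, acl):
        if matches(rule, proto, dst_ip, dst_port):
            # Assumed semantics: permit rule -> behavior applies; deny rule -> discard.
            return "forward" if rule["action"] == "permit" else "drop"
    return "unmatched"                          # policy takes no action on the packet

if __name__ == "__main__":
    for pkt in [("tcp", "10.1.1.1", 3389), ("tcp", "10.1.1.1", 445),
                ("udp", "10.1.1.1", 3389), ("icmp", "10.1.1.1"), ("tcp", "10.1.1.2", 445)]:
        print(pkt, verdict(*pkt), verdict(*pkt, acl=ACL_STRICT))
```

Both rules in ACL 3000 match only TCP, so UDP and ICMP packets to 10.1.1.1 come back as "unmatched": the traffic policy takes no action on them.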

Other related questions:
Do ViewPoint 9000 series MCUs support the video wall?
ViewPoint 9000 series MCUs do not support the video wall board and cannot be used to play videos on the video wall.

Is S12700 the only S series switch that supports SFUs?
The S12700 and S9310 support independent SFUs. The S12704 supports ET1D2SFUA000 and ET1D2SFUC000. The S12708 supports ET1D2SFUA000, ET1D2SFUC000, ET1D2SFUD000, and ET1D2SFUB000. The S12712 supports ET1D2SFUA000, ET1D2SFUD000, and ET1D2SFUB000. The S12710 supports ET1D2SFUB000. The S9310 supports LE1D2SFUK000.

802.1x remote authentication on S series switch
In 802.1x remote authentication and authorization, user information (including the user name, password, and attributes) is configured on the remote AAA server. 802.1x remote authentication and authorization feature high network security. S series switches (except S1700 switches) running V200R003C10 or an earlier version support only traditional NAC configuration. Switches running V200R005C00 or a later version support both traditional and unified NAC configuration. By default, unified NAC configuration is used. 802.1x remote authentication also supports traditional and unified modes. 802.1x remote authentication configuration is the same on all switch models:
- For the traditional 802.1x remote authentication configuration, see "Example for Configuring 802.1x Authentication to Control Internal User Access" in "Configuring NAC (Common Mode)" of Typical Configuration Examples.
- For the unified 802.1x remote authentication configuration, see "Example for Configuring 802.1x Authentication to Control Internal User Access" in "Configuring NAC (Unified Mode)" of Typical Configuration Examples.

The unit of S series switch speed limit
The unit of the speed limit on S series switches (except S1700) is kbit/s.
