Operation Manual – QoS/ACLH3C S9500 Series Routing Switches Chapter 3 Logon User ACL Control Configuration3-1Chapter 3 Logon User ACL Control Configuration3.1 OverviewCurrently, an S9500 series switch provides the following three measures for remoteaccess:z Telnetz Security shell (SSH)z Simple network management protocol (SNMP)An S9500 series switch provides security control for these three access measures toprevent unauthorized users from logging in/and accessing it. There are two levels ofsecurity controls.z The first level is implemented by applying ACLs to filter the users that are toconnect to the switch. Only authorized users are capable of accessing the switch.At the second level, a connected user can log into the switch only after passing thepassword authentication.This chapter mainly describes how to configure the first level security control over theseaccess measures, that is, how to filter the users logging onto the switch with ACL. Fordetailed description about how to configure the second level security, refer to theGetting Started part of this manual.3.2 Configuring ACL for Telnet/SSH UsersYou can configure ACLs for the users who access the switch through Telnet or SSH tofilter out the malicious or unauthorized connection requests before the passwordauthentication to secure the switch.3.2.1 Configuration PrerequisitesYou have correctly configured the switch using Telnet or SSH.
