configure telnet access-profile

configure telnet access-profile [ access_profile | [[add rule ] [first | [[before | after] previous_rule]]] | delete rule | none ]

Description

Configures Telnet to use an ACL policy or ACL rule for access control.

Syntax Description

access_profile Specifies an ACL policy.
add Specifies that an ACL rule is to be added to the Telnet application.
rule Specifies an ACL rule.
first Specifies that the new rule is to be added before all other rules.
before Specifies that the new rule is to be added before a previous rule.
after Specifies that the new rule is to be added after a previous rule.
previous_rule Specifies an existing rule in the application.
delete Specifies that one particular rule is to be deleted.
none Specifies that all the rules or a policy file is to be deleted.

Default

Telnet is enabled with no ACL policies and uses TCP port 23.

Usage Guidelines

You must be logged in as administrator to configure Telnet parameters.

You can restrict Telnet access in the following ways:

Only the following match conditions and actions are copied to the client memory. Others that may be in the rule are not copied.

Match conditions:
  • Source-address—IPv4 and IPv6
  • Actions—Permit or Deny

When adding a new rule, use the first, before, and after previous_rule parameters to position it within the existing rules.

If the Telnet traffic does not match any of the rules, the default behavior is deny. To permit Telnet traffic that does not match any of the rules,add a permit all rule at the end of the rule list.

Creating an ACL Policy File

To create an ACL policy file, use the edit policy command. For more information about creating and implementing ACL policy files, see the Policy Manager and ACLs chapters in the Switch Engine 32.3 User Guide .

If you attempt to implement a policy that does not exist on the switch, an error message similar to the following appears:

Error: Policy /config/MyAccessProfile.pol does not exist on file system 

If this occurs, make sure the policy you want to implement exists on the switch. To confirm the policies on the switch, use the configure snmp add community command. If the policy does not exist, create the ACL policy file.

Viewing Telnet Information

To display the status of Telnet, including the current TCP port, the virtual router used to establish a Telnet session, and whether ACLs are controlling Telnet access, use the following command: show management.

Example

The following example applies the ACL policy MyAccessProfile_2 to Telnet:

configure telnet access-profile MyAccessProfile_2

The following example applies the ACL rule DenyAccess to the Telnet application in the first position in the list:

configure telnet access-profile add DenyAccess first

The following example removes the association of a single ACL rule from the Telnet application:

configure telnet access-profile delete DenyAccess

The following example removes the association of an ACL policy or all ACL rules from the Telnet application:

configure telnet access-profile none

History

This command was first available in ExtremeXOS 11.2.

Support for ACL rules for Telnet was added in ExtremeXOS 12.5.

Platform Availability

This command is available on ExtremeSwitching 5320, 5420, 5520, and 5720 series switches.