
How to enable set ACL in HPE 5510 VTY Line?

SOLVED
Hideo
Regular Visitor


Hi,

I am replacing an HP A5500-24G switch with an HPE 5510 24G switch.

How to enable set ACL in HPE 5510 VTY Line?
There is no ACL command.

#
line vty 0 63
  authentication-mode scheme
  user-role network-operator
  protocol inbound ssh
#

In the HP A5500-24G switch, an ACL was set on the VTY.

#
user-interface vty 0 15
  acl 2001 inbound
  authentication-mode scheme
  protocol inbound ssh
#

Thank you.

Hideo Hirose

akg7
HPE Pro

Re: How to enable set ACL in HPE 5510 VTY Line?

Hello @Hideo ,

Kindly refer below link for configuration guide for ACL:

https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00007121en_us

Thanks!

Note: While I am an HPE Employee, all of my comments (whether noted or not), are my own and are not any official representation of the company.
Hideo
Regular Visitor

Re: How to enable set ACL in HPE 5510 VTY Line?

Thank you for your reply.

Software version: HPE Comware Software, Version 7.1.070, Release 3507

Image file: 5510hi-cmw710-system-r3507.bin

Thank you.

Hideo Hirose

Hideo
Regular Visitor

Re: How to enable set ACL in HPE 5510 VTY Line?

Thank you for your reply.

This manual did not include an ACL for the VTY.

Thanks.

Hideo Hirose

akg7
HPE Pro

Re: How to enable set ACL in HPE 5510 VTY Line?

Hello @Hideo ,

The ACL option is not available under the line vty interface in Comware 7. It's strange, but I believe the reason is that Comware 7 has defined a user-role option in the line vty interface compared to Comware 5.

Comware 7:
[HPE]user-role ?
  STRING<1-63>      User role name
  network-admin
  network-operator
  level-0
  level-1
  level-2
  level-3
  level-4
  level-5
  level-6
  level-7
  level-8
  level-9
  level-10
  level-11
  level-12
  level-13
  level-14
  level-15
  security-audit
  guest-manager


What is your ACL rule in Comware 5?

Thanks!

Note: While I am an HPE Employee, all of my comments (whether noted or not), are my own and are not any official representation of the company.
Hideo
Regular Visitor

Re: How to enable set ACL in HPE 5510 VTY Line?

Hello

This is the original ACL.
#
acl number 2001
rule 0 permit source 172.31.1.0 0.0.0.255
#
#
user-interface vty 0 15
acl 2001 inbound
authentication-mode scheme
protocol inbound ssh
#

I want to reflect this in the new switch.

Thanks.

Hideo Hirose

Ivan_B
HPE Pro
Solution

Re: How to enable set ACL in HPE 5510 VTY Line?

Hi @Hideo !

In Comware 7 each management protocol can be protected by a separate ACL, so the logic is slightly different from Comware 5. SSH can be protected by one ACL, Telnet by another, and they both can co-exist under one VTY line.

Here is an official document describing this change - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=sf000005606en_us

Therefore I believe this is what you are looking for:


#
acl number 2001
rule 0 permit source 172.31.1.0 0.0.0.255
#
ssh server enable
ssh server acl 2001
#
line vty 0 15
authentication-mode scheme
protocol inbound ssh
#


Also, there is one command that helps a lot during the SSH ACL troubleshooting phase: 'ssh server acl-deny-log enable'. Use it to enable logging for SSH login attempts that are denied by the SSH login control ACL. You can remove it afterwards with 'undo ssh server acl-deny-log enable'.

Hope this helps!


I am an HPE employee

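As an added example (not from the thread or from HPE), a small Python script that applies the migration described in the accepted answer: it parses a Comware 5 `user-interface vty` block, checks that the ACL it references is actually defined, and emits the Comware 7 per-protocol form. It assumes `telnet server acl` takes the same form as `ssh server acl`, which the thread does not show.

```python
"""Translate a Comware 5 VTY login ACL into the Comware 7 per-protocol form.
Comware 5 binds the ACL to the user-interface ("acl N inbound"); Comware 7
binds it to each management protocol ("ssh server acl N")."""
import re

# Constructed sample: the Comware 5 configuration quoted in the thread.
COMWARE5_CONFIG = """\
#
acl number 2001
rule 0 permit source 172.31.1.0 0.0.0.255
#
user-interface vty 0 15
acl 2001 inbound
authentication-mode scheme
protocol inbound ssh
#
"""
# `ssh server acl` is shown in the thread; `telnet server acl` is assumed to
# take the same form in Comware 7 (not shown in the thread).
PROTOCOL_ACL_CMD = {"ssh": "ssh server acl {acl}", "telnet": "telnet server acl {acl}"}

def parse_blocks(config):
    """Split a Comware config into blocks delimited by lines containing only '#'."""
    chunks = re.split(r"^#\s*$", config, flags=re.MULTILINE)
    return [[l.strip() for l in c.splitlines() if l.strip()] for c in chunks if c.strip()]

def translate_vty_acl(config):
    """Return Comware 7 lines equivalent to a Comware 5 VTY login ACL.
    Raises ValueError if the VTY references an ACL that is not defined."""
    blocks = parse_blocks(config)
    acl_blocks = {b[0].split()[-1]: b for b in blocks if b[0].startswith("acl number ")}
    out = []
    for block in blocks:
        if not block[0].startswith("user-interface vty "):
            continue
        acl = next((m.group(1) for l in block if (m := re.fullmatch(r"acl (\d+) inbound", l))), None)
        if acl is None:
            continue  # this VTY range has no login ACL; nothing to migrate
        if acl not in acl_blocks:
            raise ValueError(f"VTY references ACL {acl}, which is not defined")
        # Comware 5 defaults to all protocols; Comware 7 needs one command per protocol.
        protos = [l.split()[-1] for l in block if l.startswith("protocol inbound ")] or ["all"]
        if "all" in protos:
            protos = list(PROTOCOL_ACL_CMD)
        out += acl_blocks[acl]  # keep the ACL definition itself
        out += [PROTOCOL_ACL_CMD[p].format(acl=acl) for p in protos]
        out.append(block[0].replace("user-interface", "line", 1))  # Comware 7 keyword
        out += [l for l in block[1:] if l != f"acl {acl} inbound"]  # drop line-level ACL
    return out
```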

Hideo
Regular Visitor

Re: How to enable set ACL in HPE 5510 VTY Line?

Hello Ivan_B


Thank you very much.

I was able to confirm the operation of ACL.

Thank you very much for helping me.

thanks