SOLVED
Hello @Hideo ,
Kindly refer below link for configuration guide for ACL:
https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00007121en_us
Thanks!
Hello @Hideo ,
ACL option is not available under line vty interface in comware 7. Its strange but I believe the reason is comware 7 has defined user roles option in line vty interface compare to comware 5.
Comware 7:
[HPE]user-role ?
STRING<1-63> User role name
network-admin
network-operator
level-0
level-1
level-2
level-3
level-4
level-5
level-6
level-7
level-8
level-9
level-10
level-11
level-12
level-13
level-14
level-15
security-audit
guest-manager
What is your acl tule in comware 5?
Thanks!
Hi @Hideo !
In Comware 7 each management protocol can be protected by separate ACL, so the logic is slightly different than in Comware 5. SSH can be protected by one ACL, Telnet by another and they both can co-exist under one VTY line.
Here is an official document describing this change - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=sf000005606en_us
Therefore I believe this is what you are looking for:
#
acl number 2001
rule 0 permit source 172.31.1.0 0.0.0.255
#
ssh server enable
ssh server acl 2001
#
line vty 0 15
authentication-mode scheme
protocol inbound ssh
#
Also, there is one command that helps a lot during SSH ACL troubleshooting phase - 'ssh server acl-deny-log enable'. Use it to enable logging for SSH login attempts that are denied by the SSH login control ACL. You can remove it afterwards with 'undo ssh server acl-deny-log enable' afterwards.
Hope this helps!