[x]

SSH server commands > ssh server ipv6 acl

 

 Next

ssh server ipv6 acl

Use ssh server ipv6 acl to specify an ACL to control IPv6 SSH connections to the server.

Use undo ssh server ipv6 acl to restore the default.

Syntax

ssh server ipv6 acl { ipv6 { advanced-acl-number | basic-acl-number } | mac mac-acl-number }

undo ssh server ipv6 acl

Default

No ACLs are specified and all IPv6 SSH clients can initiate SSH connections to the server.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

ipv6: Specifies the IPv6 ACL type.

advanced-acl-number: Specifies an IPv6 advanced ACL number in the range of 3000 to 3999.

basic-acl-number: Specifies an IPv6 basic ACL number in the range of 2000 to 2999.

mac mac-acl-number: Specifies a Layer 2 ACL by its number in the range of 4000 to 4999.

Usage guidelines

The ACL specified in this command filters IPv6 SSH clients' connection requests. Only the IPv6 SSH clients that the ACL permits can access the device. If the specified ACL does not exist or contains no rules, all IPv6 SSH clients can access the device.

The ACL takes effect only on SSH connections that are initiated after the ACL configuration.

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Configure ACL 2001 and permit only the users on the subnet 1::1/64 to initiate SSH connections to the server.

<Sysname> system-view
[Sysname] acl ipv6 basic 2001
[Sysname-acl6-ipv6-basic-2001] rule permit source 1::1 64
[Sysname-acl6-ipv6-basic-2001] quit
[Sysname] ssh server ipv6 acl ipv6 2001

Related commands

display ssh server

prev

 

up

 next

ssh server enable 

home

 ssh server ipv6 dscp

© Copyright 2018 Hewlett Packard Enterprise Development LP