Limiting access to management of Huawei SmartAX MA5600

For example, to allow to connect to the Huawei SmartAX MA5600 series via telnet only to the specified IP address ranges 192.168.0.100-192.168.0.254 and 172.16.24.1-172.16.24.50 we will connect to the device and go into the configuration mode:

enable
config

And execute the following commands (for non-specified IP access is immediately prohibited):

sysman ip-access telnet 192.168.0.100 192.168.0.254
sysman ip-access telnet 172.16.24.1 172.16.24.50
sysman firewall telnet enable

Similarly for SSH:

sysman ip-access ssh 192.168.0.100 192.168.0.254
sysman firewall ssh enable

And SNMP for example for one IP:

sysman ip-access snmp 192.168.0.100 192.168.0.100
sysman firewall snmp enable

To deny access to the specified subnet, we specify ip-refuse instead of ip-access, for example:

sysman ip-refuse telnet 192.168.1.200 192.168.1.220
sysman firewall telnet enable

On the test, I performed the settings for Huawei SmartAX MA5683T, they are essentially the same for the entire MA5600 series.

Подписаться на IT Blog (RU) по Email
Subscribe to IT Blog (EN) by Email

Did my article help you? How about buying me a cup of coffee as an encouragement? Buy me a coffe.

Leave a Reply