Managing Device/User Access rights using Basic ACLs on Huawei Devices

This lab demonstrates how to configure basic ACLs on Huawei devices.

Configuration Steps

Step 1: Configure IP addresses and hostnames on CE01 and CE02.

******************************CE01
sys
#
sysname CE01
#
interface GigabitEthernet0/0/0
 ip address 10.10.10.1 255.255.255.0
#
commit
******************************CE02
sys
#
sysname CE02
#
interface GigabitEthernet0/0/0
 ip address 20.20.20.1 255.255.255.0
#
commit

Step 2: Configure the hostname on PE01. Create two VPN instances and bind them to the interfaces connecting the CE routers. Assign IP addresses to the interfaces connecting the CEs.

*****************************PE01
#
sysname PE01
#
ip vpn-instance VPN-A
 ipv4-family
  route-distinguisher 100:1
  vpn-target 100:100 export-extcommunity
  vpn-target 100:100 import-extcommunity
#
ip vpn-instance VPN-B
 ipv4-family
  route-distinguisher 200:1
  vpn-target 200:200 export-extcommunity
  vpn-target 200:200 import-extcommunity
#
interface GigabitEthernet0/0/0
 ip binding vpn-instance VPN-A
 ip address 10.10.10.254 255.255.255.0
#
interface GigabitEthernet0/0/1
 ip binding vpn-instance VPN-B
 ip address 20.20.20.254 255.255.255.0
#

Step 3: Configure ACLs on PE01 to allow users in VPN-A and deny users in VPN-B.

**************************PE01
#
acl name CONTROL_ACCESS number 2000
 rule 5 permit vpn-instance VPN-A
 rule 10 deny vpn-instance VPN-B
#

Step 4: Apply the ACL inbound on the VTY user interfaces used for Telnet on the PE.

*********************PE01
#
user-interface con 0
user-interface vty 0 4
 acl 2000 inbound
 set authentication password cipher Huawei_123
user-interface vty 16 20
#

Step 5: Verify the configuration by trying to use Telnet from CE01 and CE02 to PE01.

Telnet from CE01 to PE01 succeeds, but Telnet from CE02 to PE01 fails, because the ACL permits access from users in VPN-A and denies access from users in VPN-B.
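
An offline check of the Step 3 and Step 4 configuration, added here as an example and not part of the original lab: the script parses saved configuration text and reports, for each user-interface vty range, whether an inbound ACL is bound and whether that ACL is defined. The function names and the joined sample text are assumptions made for illustration.

```python
import re

# Constructed sample: the Step 3 and Step 4 blocks from this page joined into one text.
SAMPLE_CONFIG = """\
acl name CONTROL_ACCESS number 2000
 rule 5 permit vpn-instance VPN-A
 rule 10 deny vpn-instance VPN-B
#
user-interface con 0
user-interface vty 0 4
 acl 2000 inbound
 set authentication password cipher Huawei_123
user-interface vty 16 20
#
"""

def parse_sections(text):
    """Group a config into (header, child_lines); children are the indented lines."""
    sections = []
    for line in text.splitlines():
        if line.strip() in ("", "#"):
            continue  # skip blank lines and '#' separators
        if line[0].isspace() and sections:
            sections[-1][1].append(line.strip())
        else:
            sections.append((line.strip(), []))
    return sections

def audit_vty_acls(text):
    """Map each 'user-interface vty' range to a finding about its inbound ACL."""
    sections = parse_sections(text)
    # ACL numbers and names that the config actually defines.
    defined = {g for h, _ in sections
               if (m := re.match(r"acl (?:name (\S+) )?(?:number )?(\d+)$", h))
               for g in m.groups() if g}
    findings = {}
    for header, body in sections:
        m = re.match(r"user-interface vty (\d+(?: \d+)?)$", header)
        if not m:
            continue
        bound = [b.group(1) for l in body if (b := re.match(r"acl (\S+) inbound$", l))]
        if not bound:
            findings[m.group(1)] = "no inbound ACL"
        elif bound[0] not in defined:
            findings[m.group(1)] = f"ACL {bound[0]} is not defined"
        else:
            findings[m.group(1)] = f"ACL {bound[0]} inbound"
    return findings

if __name__ == "__main__":
    print(audit_vty_acls(SAMPLE_CONFIG))
```

On the configuration above it reports ACL 2000 on vty 0 4 and no inbound ACL on vty 16 20.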
