Users Guide

1. Create access lists with permit or deny filters; for example:
OS10(config)# ip access-list snmp-read-only-acl
OS10(config-ipv4-acl)# permit ip 172.16.0.0 255.255.0.0 any
OS10(config-ipv4-acl)# exit
OS10(config)#
2. Apply ACLs to an SNMP community in CONFIGURATION mode.
OS10(config)# snmp-server community public ro acl snmp-read-only-acl
View SNMP ACL configuration
OS10# show snmp community
Community : public
Access : read-only
ACL : snmp-read-only-acl
Limit concurrent login sessions
To prevent an unlimited number of active sessions on a switch for the same user ID, limit the number of console and remote
connections. Console logins are made by cabling a terminal emulator to the console serial port on the switch. Remote logins
are made through a virtual terminal line (VTY), using Telnet or SSH.
Configure the maximum number of concurrent login sessions in CONFIGURATION mode.
OS10(config)# login concurrent-session limit number
limit number: Sets the maximum number of concurrent login sessions allowed for a user ID, from 1 to 12; default 10.
When you configure the maximum number of allowed concurrent login sessions, take into account that:
Each remote VTY connection counts as one login session.
All login sessions from a terminal emulator on an attached console count as one session.
Configure concurrent login sessions
OS10(config)# login concurrent-session limit 4
If you try to log in to the switch when the maximum number of concurrent sessions is already active, an error message
displays. To log in to the system, close one of your existing sessions.
OS10(config)# login concurrent-session limit 4
Too many logins for 'admin'.
Last login: Wed Jan 31 20:37:34 2018 from 10.14.1.213
Connection to 10.11.178.26 closed.
Current sessions for user admin:
Line      Location
2 vty 0   10.14.1.97
3 vty 1   10.14.1.97
4 vty 2   10.14.1.97
5 vty 3   10.14.1.97
Virtual terminal line ACLs
To limit Telnet and SSH connections to the switch, apply access lists on a virtual terminal line (VTY).
There is no implicit deny rule. If none of the configured conditions match, the default behavior is to permit. If you need to deny
traffic that does not match any of the configured conditions, explicitly configure a deny statement.
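The fall-through behavior described above, modeled as an added example that is not part of the guide: it parses ACL text in the form the guide shows, evaluates a client address with first-match semantics and a default permit, and flags ACLs that leave unmatched sources permitted. The ACL name permit10-strict, the sample configuration and the function names are constructed for illustration, and only IPv4 rules of the form shown (source as "any" or address plus subnet mask) are handled.

```python
import ipaddress

# Constructed sample: the guide's permit-only ACL plus a hardened variant
# (hypothetical name permit10-strict) that ends with an explicit deny.
SAMPLE_CONFIG = """\
ip access-list permit10
 permit ip 172.16.0.0 255.255.0.0 any
ip access-list permit10-strict
 permit ip 172.16.0.0 255.255.0.0 any
 deny ip any any
"""

def parse_acls(config):
    """Return {acl_name: [(action, source_network), ...]} in configured order."""
    acls, current = {}, None
    for line in config.splitlines():
        tok = line.split()
        if tok[:2] == ["ip", "access-list"] and len(tok) == 3:
            current = acls.setdefault(tok[2], [])
        elif current is not None and tok and tok[0] in ("permit", "deny"):
            # Rule shape handled: <action> ip <source> any, where <source>
            # is either "any" or "<address> <subnet mask>".
            if tok[2] == "any":
                src = ipaddress.ip_network("0.0.0.0/0")
            else:
                src = ipaddress.ip_network(f"{tok[2]}/{tok[3]}")
            current.append((tok[0], src))
    return acls

def vty_decision(rules, client_ip):
    """First matching rule wins; a client that matches nothing is permitted."""
    addr = ipaddress.ip_address(client_ip)
    for action, src in rules:
        if addr in src:
            return action
    return "permit"  # VTY ACLs have no implicit deny

def unmatched_traffic_permitted(rules):
    """True when no rule covers every source, so some clients fall through."""
    return not any(src.prefixlen == 0 for _, src in rules)

if __name__ == "__main__":
    for name, rules in parse_acls(SAMPLE_CONFIG).items():
        # 203.0.113.7 is a documentation address outside 172.16.0.0/16.
        print(name, vty_decision(rules, "203.0.113.7"),
              "falls-through" if unmatched_traffic_permitted(rules) else "closed")
```

With the permit-only ACL, a client outside 172.16.0.0/16 is still permitted; only the variant with the trailing deny rejects it.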
1. Create IPv4 or IPv6 access lists with permit or deny filters; for example:
OS10(config)# ip access-list permit10
OS10(config-ipv4-acl)# permit ip 172.16.0.0 255.255.0.0 any
Security