Network requirements, Configuring source mac-based login control over, Telnet usersconfiguring source mac-based login – H3C Technologies H3C S7500E Series Switches User Manual
Page 93: Control over telnet users
5-3
To do…
Use the command…
Remarks
Use the ACL to control user
login by source and
destination IP addresses
acl [ ipv6 ] acl-number { inbound |
outbound }
Required
inbound: Filters incoming telnet
packets.
outbound: Filters outgoing telnet
packets.
Configuring Source MAC-Based Login Control over Telnet Users
Because Ethernet frame header ACLs can match the source MAC addresses of packets, you can use
Ethernet frame header ACLs to implement source MAC-based login control over telnet users. Ethernet
frame header ACLs are numbered from 4000 to 4999. For more information about ACL, see ACL
Configuration in the ACL and QoS Configuration Guide.
Follow these steps to configure source MAC-based login control over telnet users:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Create an advanced ACL and
enter its view, or enter the view of
an existing advanced ACL
acl number acl-number
[ match-order { config | auto } ]
Required
By default, no advanced ACL
exists.
Configure rules for the ACL
rule [ rule-id ] { permit | deny }
rule-string
Required
Exit the advanced ACL view
quit
—
Enter user interface view
user-interface [ type ] first-number
[ last-number ]
—
Use the ACL to control user login
by source MAC address
acl acl-number inbound
Required
inbound: Filters incoming telnet
packets.
The above configuration does not take effect if the telnet client and server are not in the same subnet.
Source MAC-Based Login Control Configuration Example
Network requirements
As shown in
, configure an ACL on the Device to permit only incoming telnet packets
sourced from Host A and Host B.