User login control, User login control overview, Configuring login control over telnet users – H3C Technologies H3C SecBlade NetStream Cards User Manual

50

User login control

This chapter includes these sections:

•

User login control overview

•

Configuring login control over telnet users

•

Configuring source IP-based login control over NMS users

User login control overview

The SecBlade card provides the following login control methods.

Login Through Login control methods

ACL used

Telnet

Configuring source IP-based login control over telnet users

Basic ACL

Configuring source and destination IP-based login control
over telnet users

Advanced ACL

Configuring source MAC-based login control over telnet
users

Ethernet frame header ACL

NMS

Configuring source IP-based login control over NMS users

Basic ACL

Configuring login control over telnet users

Configuration preparation

Before configuration, determine the permitted or denied source IP addresses, source MAC addresses,

and destination IP addresses.

Configuring source IP-based login control over telnet users

Basic ACLs match the source IP addresses of packets, so you can use basic ACLs to implement source

IP-based login control over telnet users. Basic ACLs are numbered from 2000 to 2999. For more

information about ACL, see the NetStream Configuration Guide.
Follow these steps to configure source IP-based login control over telnet users:

To do…

Use the command…

Remarks

Enter system view

system-view —

Create a basic ACL and enter its
view, or enter the view of an

existing basic ACL

acl number acl-number
[ match-order { config | auto } ]

Required
By default, no basic ACL exists.

Configure rules for this ACL

rule [ rule-id ] { permit | deny }
[ source { sour-addr sour-wildcard

| any } | time-range time-name |
fragment | logging ]*

Required