H3C Technologies H3C SecBlade NetStream Cards User Manual

51

To do…

Use the command…

Remarks

Exit the basic ACL view

quit

—

Enter user interface view

user-interface [ type ] first-number
[ last-number ]

—

Use the ACL to control user login
by source IP address

acl acl-number { inbound |
outbound }

Required
inbound: Filters incoming telnet
packets.
outbound: Filters outgoing telnet

packets.

Configuring source and destination IP-based login control over
telnet users

Advanced ACLs can match both source and destination IP addresses of packets, so you can use

advanced ACLs to implement source and destination IP-based login control over telnet users. Advanced

ACLs are numbered from 3000 to 3999. For more information about ACL, see the NetStream

Configuration Guide.
Follow these steps to configure source and destination IP-based login control over telnet users:

To do…

Use the command…

Remarks

Enter system view

system-view —

Create an advanced ACL and
enter its view, or enter the view of

an existing advanced ACL

acl number acl-number
[ match-order { config | auto } ]

Required
By default, no advanced ACL
exists.

Configure rules for the ACL

rule [ rule-id ] { permit | deny }
rule-string

Required

Exit advanced ACL view

quit

—

Enter user interface

user-interface [ type ] first-number
[ last-number ]

—

Use the ACL to control user login
by source and destination IP

addresses

acl acl-number { inbound |
outbound }

Required
inbound: Filters incoming telnet
packets.
outbound: Filters outgoing telnet

packets.

Configuring source MAC-based login control over telnet users

Ethernet frame header ACLs can match the source MAC addresses of packets, so you can use Ethernet

frame header ACLs to implement source MAC-based login control over telnet users. Ethernet frame
header ACLs are numbered from 4000 to 4999. For more information about ACL, see the NetStream

Configuration Guide.
Follow these steps to configure source MAC-based login control over telnet users: