Configuration example, Network requirements, Configuration procedure – H3C Technologies H3C WX3000 Series Unified Switches User Manual
Page 65
1-3
Follow these steps to control Telnet users by source MAC addresses:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Create or enter Layer 2
ACL view
acl number
acl-number —
Define rules for the ACL
rule
[ rule-id ] { deny | permit }
[ rule-string ]
Required
You can define rules as needed to filter
by specific source MAC addresses.
Quit to system view
quit
—
Enter user interface view
user-interface
[ type ] first-number
[ last-number ]
—
Apply the ACL to control
Telnet users by specified
source MAC addresses
acl
acl-number inbound
Required
By default, no ACL is applied for Telnet
users.
Configuration Example
Network requirements
, only the Telnet users sourced from the IP address of 10.110.100.52 are
permitted to access the switching engine.
Figure 8-1
Network diagram for controlling Telnet users using ACLs
Configuration procedure
# Define a basic ACL.
<device> system-view
[device] acl number 2000
[device-acl-basic-2000] rule 1 permit source 10.110.100.52 0
[device-acl-basic-2000] quit
# Apply the ACL.
[device] user-interface vty 0 4
[device-ui-vty0-4] acl 2000 inbound
Controlling Network Management Users by Source IP Addresses
You can manage the device through network management software. Network management users can
access switching engines through SNMP.
You need to perform the following two operations to control network management users by source IP
addresses.
z
Defining an ACL
z
Applying the ACL to control users accessing the switching engine through SNMP