Step...
6.
Use the ACL to control user
login by source IP address.
Configuring source and destination IP-based login control over
Telnet users
Advanced ACLs can match both source and destination IP addresses of packets, so use advanced ACLs
to implement source and destination IP-based login control over Telnet users. Advanced ACLs are
numbered from 3000 to 3999. For more information about ACL, see ACL and QoS Configuration Guide.
Step...
1.
Enter system view
2.
Create an advanced ACL and
enter its view, or enter the
view of an existing advanced
ACL
3.
Configure rules for the ACL
4.
Exit advanced ACL view
5.
Enter user interface
6.
Use the ACL to control user
login
destination IP addresses
Configuring source MAC-based login control over Telnet users
Ethernet frame header ACLs can match the source MAC addresses of packets, so use Ethernet frame
header ACLs to implement source MAC-based login control over Telnet users. Ethernet frame header ACLs
are numbered from 4000 to 4999. For more information about ACL, see ACL and QoS Configuration
Guide.
This configuration does not take effect if the Telnet client and server are not in the same subnet.
Step...
1.
Enter system view
Command...
acl [ ipv6 ] acl-number { inbound
| outbound }
Command...
system-view
acl [ ipv6 ] number acl-number
[ match-order { config | auto } ]
rule [ rule-id ] { permit | deny }
rule-string
quit
user-interface [ type ] first-number
[ last-number ]
acl [ ipv6 ] acl-number { inbound
by
source
and
| outbound }
Command...
system-view
Remarks
Required.
inbound: Filters incoming Telnet
packets.
outbound: Filters outgoing Telnet
packets.
Remarks
—
Required.
By default, no advanced ACL
exists.
Required.
—
—
Required.
inbound: Filters incoming Telnet
packets.
outbound: Filters outgoing Telnet
packets.
Remarks
—
64