Configuring source and destination ip-based login, Control over telnet users – H3C Technologies H3C S7500E Series Switches User Manual

5-2

To do…

Use the command…

Remarks

Create a basic ACL and enter its

view, or enter the view of an

existing basic ACL

acl [ ipv6 ] number acl-number

[ match-order { config | auto } ]

Required

By default, no basic ACL exists.

Configure rules for this ACL

rule [ rule-id ] { permit | deny }

[ source { sour-addr sour-wildcard

| any } | time-range time-name |

fragment | logging ]*

Required

Exit the basic ACL view

quit

—

Enter user interface view

user-interface [ type ] first-number

[ last-number ]

—

Use the ACL to control user login

by source IP address

acl [ ipv6 ] acl-number { inbound |

outbound }

Required

inbound: Filters incoming telnet

packets.

outbound: Filters outgoing telnet

packets.

Configuring Source and Destination IP-Based Login Control over Telnet Users

Because advanced ACLs can match both source and destination IP addresses of packets, you can

use advanced ACLs to implement source and destination IP-based login control over telnet users.

Advanced ACLs are numbered from 3000 to 3999. For more information about ACL, see ACL

Configuration in the ACL and QoS Configuration Guide.

Follow these steps to configure source and destination IP-based login control over telnet users:

To do…

Use the command…

Remarks

Enter system view

system-view

—

Create an advanced ACL

and enter its view, or enter

the view of an existing

advanced ACL

acl [ ipv6 ] number acl-number

[ match-order { config | auto } ]

Required

By default, no advanced ACL

exists.

Configure rules for the ACL

rule [ rule-id ] { permit | deny } rule-string

Required

Exit advanced ACL view

quit

—

Enter user interface

user-interface [ type ] first-number

[ last-number ]

—