Network requirements, Configuring source mac-based login control over, Telnet usersconfiguring source mac-based login – H3C Technologies H3C S7500E Series Switches User Manual

5-3

To do…

Use the command…

Remarks

Use the ACL to control user

login by source and

destination IP addresses

acl [ ipv6 ] acl-number { inbound |

outbound }

Required

inbound: Filters incoming telnet

packets.

outbound: Filters outgoing telnet

packets.

Configuring Source MAC-Based Login Control over Telnet Users

Because Ethernet frame header ACLs can match the source MAC addresses of packets, you can use

Ethernet frame header ACLs to implement source MAC-based login control over telnet users. Ethernet

frame header ACLs are numbered from 4000 to 4999. For more information about ACL, see ACL

Configuration in the ACL and QoS Configuration Guide.

Follow these steps to configure source MAC-based login control over telnet users:

To do…

Use the command…

Remarks

Enter system view

system-view

—

Create an advanced ACL and

enter its view, or enter the view of

an existing advanced ACL

acl number acl-number

[ match-order { config | auto } ]

Required

By default, no advanced ACL

exists.

Configure rules for the ACL

rule [ rule-id ] { permit | deny }

rule-string

Required

Exit the advanced ACL view

quit

—

Enter user interface view

user-interface [ type ] first-number

[ last-number ]

—

Use the ACL to control user login

by source MAC address

acl acl-number inbound

Required

inbound: Filters incoming telnet

packets.

The above configuration does not take effect if the telnet client and server are not in the same subnet.

Source MAC-Based Login Control Configuration Example

Network requirements

As shown in

Figure 5-1

, configure an ACL on the Device to permit only incoming telnet packets

sourced from Host A and Host B.