Configuration example, Network requirements, Network diagram – H3C Technologies H3C WX6000 Series Access Controllers User Manual

6-3

To do…

Use the command…

Remarks

Enter system view

system-view

—

Create a basic ACL or enter basic
ACL view

acl

number acl-number [ name

acl-name

] [ match-order { config

| auto } ]

As for the acl number command,
the config keyword is specified by
default.

Define rules for the ACL

rule

[ rule-id ] { permit | deny }

rule-string

Required
You can define rules as needed to
filter by specific source MAC
addresses.

Quit to system view

quit

—

Enter user interface view

user-interface

[ type ] first-number

[ last-number ]

—

Apply the ACL to control Telnet
users by source MAC addresses

acl

acl-number inbound

Required
The inbound keyword filters the
users trying to Telnet to the current
access controller.

Configuration Example

Network requirements

Only the Telnet users sourced from the IP address of 10.110.100.52 are permitted to log in to the access
controller.

Network diagram

Figure 6-1

Network diagram for controlling Telnet users using ACLs

Configuration procedure

# Define a basic ACL.

system-view

[H3C] acl number 2000 match-order config

[H3C-acl-basic-2000] rule 1 permit source 10.110.100.52 0

[H3C-acl-basic-2000] quit

# Apply the ACL to only permit Telnet users sourced from the IP addresses of 10.110.100.52 to access
the access controller..

[H3C] user-interface vty 0 4

[H3C-ui-vty0-4] acl 2000 inbound

Controlling Network Management Users by Source IP Addresses

You can manage an access controller through network management software. Network management
users can access controllers through SNMP.

You need to perform the following two operations to control network management users by source IP
addresses.