Configuration example, Network requirements, Configuration procedure – H3C Technologies H3C WX3000 Series Unified Switches User Manual

1-3

Follow these steps to control Telnet users by source MAC addresses:

To do…

Use the command…

Remarks

Enter system view

system-view

—

Create or enter Layer 2
ACL view

acl number

acl-number —

Define rules for the ACL

rule

[ rule-id ] { deny | permit }

[ rule-string ]

Required
You can define rules as needed to filter
by specific source MAC addresses.

Quit to system view

quit

—

Enter user interface view

user-interface

[ type ] first-number

[ last-number ]

—

Apply the ACL to control
Telnet users by specified
source MAC addresses

acl

acl-number inbound

Required
By default, no ACL is applied for Telnet
users.

Configuration Example

Network requirements

As shown in

Figure 8-1

, only the Telnet users sourced from the IP address of 10.110.100.52 are

permitted to access the switching engine.

Figure 8-1

Network diagram for controlling Telnet users using ACLs

Configuration procedure

# Define a basic ACL.

system-view

[device] acl number 2000

[device-acl-basic-2000] rule 1 permit source 10.110.100.52 0

[device-acl-basic-2000] quit

# Apply the ACL.

[device] user-interface vty 0 4

[device-ui-vty0-4] acl 2000 inbound

Controlling Network Management Users by Source IP Addresses

You can manage the device through network management software. Network management users can
access switching engines through SNMP.

You need to perform the following two operations to control network management users by source IP
addresses.

z

Defining an ACL

z

Applying the ACL to control users accessing the switching engine through SNMP