Configuring source mac-based telnet login control – H3C Technologies H3C SecPath F1000-E User Manual
Page 99

91
Step Command
Remarks
6.
Use the ACL to control user
login by source IP address.
acl [ ipv6 ] acl-number { inbound |
outbound }
inbound: Filters incoming Telnet
packets.
outbound: Filters outgoing Telnet
packets.
Configuring source and destination IP-based Telnet login control
Advanced ACLs can match both source and destination IP addresses of packets, so you can use
advanced ACLs to implement source and destination IP-based login control over Telnet users. Advanced
ACLs are numbered from 3000 to 3999. For more information about ACL, see Access Control
Configuration Guide.
To configure source and destination IP-based Telnet login control:
Step Command
Remarks
1.
Enter system view.
system-view N/A
2.
Create an advanced ACL and
enter its view, or enter the
view of an existing advanced
ACL.
acl [ ipv6 ] number acl-number
[ name acl-name ] [ match-order
{ config | auto } ]
By default, no advanced ACL
exists.
3.
Configure rules for the ACL.
rule [ rule-id ] { permit | deny }
rule-string
N/A
4.
Exit advanced ACL view.
quit
N/A
5.
Enter user interface.
user-interface [ type ] first-number
[ last-number ]
N/A
6.
Use the ACL to control user
login by source and
destination IP addresses.
acl [ ipv6 ] acl-number { inbound |
outbound }
inbound: Filters incoming Telnet
packets.
outbound: Filters outgoing Telnet
packets.
Configuring source MAC-based Telnet login control
Ethernet frame header ACLs can match the source MAC addresses of packets, so you can use Ethernet
frame header ACLs to implement source MAC-based login control over Telnet users. Ethernet frame
header ACLs are numbered from 4000 to 4999. For more information about ACL, see Access Control
Configuration Guide.
To configure source MAC-based Telnet login control:
Step Command
Remarks
1.
Enter system view.
system-view N/A
2.
Create an Ethernet frame
header ACL and enter its
view.
acl number acl-number [ name
acl-name ] [ match-order { config |
auto } ]
By default, no Ethernet frame
header ACL exists.
3.
Configure rules for the ACL.
rule [ rule-id ] { permit | deny }
rule-string
N/A
4.
Exit the advanced ACL view.
quit
N/A
- H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS