
Network requirements, Configuration procedure – H3C Technologies H3C SecBlade NetStream Cards User Manual

To do…                              Use the command…                      Remarks
----------------------------------  ------------------------------------  ----------------------------------
Enter system view                   system-view                           —

Create an Ethernet frame header     acl number acl-number                 Required
ACL and enter its view              [ match-order { config | auto } ]     By default, no Ethernet frame
                                                                          header ACL exists.

Configure rules for the ACL         rule [ rule-id ] { permit | deny }    Required
                                    rule-string

Exit the advanced ACL view          quit

Enter user interface view           user-interface [ type ] first-number
                                    [ last-number ]

Use the ACL to control user login   acl acl-number inbound                Required
by source MAC address                                                     inbound: Filters incoming telnet
                                                                          packets.

NOTE:

The configuration does not take effect if the telnet client and server are not in the same subnet.

Source MAC-based login control configuration example

Network requirements

As shown in Figure 20, configure an ACL on the SecBlade card to permit only incoming telnet packets sourced from Host A and Host B.

Figure 20 Network diagram for configuring ACL control for Telnet users

Configuration procedure

# Configure basic ACL 2000, and configure rule 1 to permit packets sourced from Host B, and rule 2 to permit packets sourced from Host A.

<SecBlade> system-view
[SecBlade] acl number 2000 match-order config
[SecBlade-acl-basic-2000] rule 1 permit source 10.110.100.52 0
[SecBlade-acl-basic-2000] rule 2 permit source 10.110.100.46 0
[SecBlade-acl-basic-2000] quit
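
An added example, not part of the original manual: a small Python checker that evaluates the basic ACL rules configured above against a candidate source address, so the rule set can be reviewed before it is bound to a user interface. It assumes rule-ID order (match-order config) and that a source matching no rule is refused, consistent with the stated goal of permitting only Host A and Host B; the function names are illustrative.

```python
import ipaddress
import re

# Constructed input: the ACL header and rule lines from the procedure above.
PAGE_CONFIG = """\
acl number 2000 match-order config
 rule 1 permit source 10.110.100.52 0
 rule 2 permit source 10.110.100.46 0
"""

RULE_RE = re.compile(
    r"rule\s+(\d+)\s+(permit|deny)\s+source\s+(\S+)\s+(\S+)")


def parse_rules(config_text):
    """Return [(rule_id, action, address_int, wildcard_int)] in rule-ID order."""
    rules = []
    for line in config_text.splitlines():
        line = line.strip()
        if not line.startswith("rule"):
            continue
        m = RULE_RE.fullmatch(line)
        if m is None:
            # Refuse to guess: an unparsed rule could change the verdict.
            raise ValueError("unsupported rule form: " + line)
        rule_id, action, addr, wildcard = m.groups()
        # A wildcard of "0" is the short form of 0.0.0.0 (exact host match).
        wildcard = "0.0.0.0" if wildcard == "0" else wildcard
        rules.append((int(rule_id), action,
                      int(ipaddress.IPv4Address(addr)),
                      int(ipaddress.IPv4Address(wildcard))))
    # match-order config: rules are compared in ascending rule ID.
    return sorted(rules)


def login_allowed(rules, source_ip):
    """First matching rule decides; no match is treated as deny (assumption)."""
    src = int(ipaddress.IPv4Address(source_ip))
    for _rule_id, action, addr, wildcard in rules:
        care = ~wildcard & 0xFFFFFFFF  # bits set in the wildcard are ignored
        if (src & care) == (addr & care):
            return action == "permit"
    return False


if __name__ == "__main__":
    acl = parse_rules(PAGE_CONFIG)
    for ip in ("10.110.100.52", "10.110.100.46", "10.110.100.47"):
        print(ip, "permit" if login_allowed(acl, ip) else "deny")
```

The same evaluator handles subnet wildcards such as 0.0.0.255, which makes it easy to spot a rule that admits more hosts than intended.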

[Figure 20 labels: Host A 10.110.100.46, Host B 10.110.100.52, IP network, SecBlade, Device]