Controlling Telnet Users by Source MAC Addresses

Controlling Telnet users by source MAC addresses is achieved by applying Layer 2 ACLs, which are numbered from 4000 to 4999.

Follow these steps to control Telnet users by source MAC addresses:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | - |
| Create or enter Layer 2 ACL view | acl number acl-number | - |
| Define rules for the ACL | rule [ rule-id ] { deny \| permit } [ rule-string ] | Required. You can define rules as needed to filter by specific source MAC addresses. |
| Quit to system view | quit | - |
| Enter user interface view | user-interface [ type ] first-number [ last-number ] | - |
| Apply the ACL to control Telnet users by specified source MAC addresses | acl acl-number inbound | Required. By default, no ACL is applied for Telnet users. |

Configuration Example

Network requirements

As shown in Figure 7-1, only the Telnet users sourced from the IP address of 10.110.100.52 are permitted to access the switching engine.

Figure 7-1 Network diagram for controlling Telnet users using ACLs

Configuration procedure

# Define a basic ACL.

<device> system-view

[device] acl number 2000

[device-acl-basic-2000] rule 1 permit source 10.110.100.52 0

[device-acl-basic-2000] quit

# Apply the ACL.

[device] user-interface vty 0 4

[device-ui-vty0-4] acl 2000 inbound
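A way to audit the outcome of the procedures above, as an added example that is not part of the manual: the script parses a saved configuration and reports, for each VTY user interface, whether an inbound ACL is applied, whether that ACL is defined with rules, and whether its number falls in the Layer 2 range 4000 to 4999. The sample configuration, its layout (unindented view headers, indented commands, `#` separators) and the function name `audit_vty_acls` are assumptions made for illustration.

```python
import re

# Constructed sample; layout assumed (unindented view headers, indented commands).
SAMPLE_CONFIG = """\
acl number 2000
 rule 1 permit source 10.110.100.52 0
#
acl number 4000
user-interface vty 0
 acl 2000 inbound
user-interface vty 1 2
 acl 4000 inbound
user-interface vty 3 4
"""

def audit_vty_acls(config):
    """Map each VTY range to a finding about its inbound ACL."""
    acl_rules, vty_acl, section = {}, {}, None
    for line in config.splitlines():
        text = line.strip()
        if not line.startswith(" "):  # top-level line opens a new view
            section = None
            if m := re.fullmatch(r"acl number (\d+)", text):
                section = ("acl", int(m.group(1)))
                acl_rules.setdefault(section[1], 0)
            elif m := re.fullmatch(r"user-interface vty (\d+)(?: (\d+))?", text):
                key = f"vty {m.group(1)}-{m.group(2) or m.group(1)}"
                section = ("vty", key)
                vty_acl[key] = None
        elif section and section[0] == "acl" and re.match(r"rule\b", text):
            acl_rules[section[1]] += 1  # count rule lines inside the ACL view
        elif section and section[0] == "vty":
            if m := re.fullmatch(r"acl (\d+) inbound", text):
                vty_acl[section[1]] = int(m.group(1))
    findings = {}
    for key, acl in vty_acl.items():
        if acl is None:
            findings[key] = "no inbound ACL applied"
        elif acl not in acl_rules:
            findings[key] = f"ACL {acl} applied but not defined"
        elif acl_rules[acl] == 0:
            findings[key] = f"ACL {acl} has no rules"
        else:
            kind = "Layer 2" if 4000 <= acl <= 4999 else "not Layer 2"
            findings[key] = f"ok: ACL {acl} ({kind}), {acl_rules[acl]} rule(s)"
    return findings

if __name__ == "__main__":
    print(audit_vty_acls(SAMPLE_CONFIG))
```

In the sample, `vty 3-4` is flagged because it matches the default state the Remarks column describes, where no ACL is applied for Telnet users.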

3Com WX3000 operation manual