| To do… | Use the command… | Remarks |
|---|---|---|
| Create an Ethernet frame header ACL and enter its view | acl number acl-number [ match-order { config \| auto } ] | Required. By default, no advanced ACL exists. |
| Configure rules for the ACL | rule [ rule-id ] { permit \| deny } rule-string | Required |
| Exit the advanced ACL view | quit | |
| Enter user interface view | user-interface [ type ] first-number [ last-number ] | |
| Use the ACL to control user login by source MAC address | acl acl-number inbound | Required. inbound: Filters incoming Telnet packets. |

NOTE:

The above configuration does not take effect if the Telnet client and server are not in the same subnet.
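
The following added example, which is not part of the original manual, audits a configuration text against the procedure above: each user interface should reference an inbound ACL that is defined and contains at least one rule. The sample configuration is constructed, and its layout and the function name audit_login_acls are assumptions.

```python
import re

# Constructed sample; the indented, '#'-separated layout is an assumption.
SAMPLE_CONFIG = """\
acl number 2000 match-order config
 rule 1 permit source 10.110.100.52 0
 rule 2 permit source 10.110.100.46 0
#
acl number 2001
#
user-interface vty 0 1
 acl 2000 inbound
user-interface vty 2
 acl 2001 inbound
user-interface vty 3 4
"""

ACL_RE = re.compile(r"^acl number (\d+)")
RULE_RE = re.compile(r"^ rule(?: \d+)? (permit|deny)\b")
UI_RE = re.compile(r"^user-interface (.+)$")
BIND_RE = re.compile(r"^ acl (\d+) inbound$")

def audit_login_acls(config):
    """Map each user interface to a finding about its inbound login ACL."""
    acl_rules, bindings = {}, {}   # ACL number -> rule count; interface -> ACL
    acl = ui = None
    for line in config.splitlines():
        if not line.startswith(" "):
            acl = ui = None        # a non-indented line leaves the current view
        if m := ACL_RE.match(line):
            acl = m.group(1)
            acl_rules[acl] = 0
        elif m := UI_RE.match(line):
            ui = m.group(1).strip()
            bindings[ui] = None
        elif acl and RULE_RE.match(line):
            acl_rules[acl] += 1
        elif ui and (m := BIND_RE.match(line)):
            bindings[ui] = m.group(1)
    findings = {}
    for ui, num in bindings.items():
        count = acl_rules.get(num, 0)
        if num is None:
            findings[ui] = "no inbound ACL"
        elif count == 0:
            findings[ui] = f"ACL {num} missing or empty"
        else:
            findings[ui] = f"ok: ACL {num}, {count} rule(s)"
    return findings
```

Any user interface not reported as "ok" is a login path to review before relying on the ACL for access control.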

Source MAC-based login control configuration example

Network requirements

As shown in Figure 33, configure an ACL on the Device to permit only incoming Telnet packets sourced from Host A and Host B.

Figure 33 Network diagram for configuring source MAC-based login control

Configuration procedure

# Configure basic ACL 2000, and configure rule 1 to permit packets sourced from Host B, and rule 2 to permit packets sourced from Host A.

<Sysname> system-view

[Sysname] acl number 2000 match-order config

[Sysname-acl-basic-2000] rule 1 permit source 10.110.100.52 0

[Sysname-acl-basic-2000] rule 2 permit source 10.110.100.46 0

[Sysname-acl-basic-2000] quit

# Reference ACL 2000 in user interface view to allow Telnet users from Host A and Host B to access the Device.
