3Com 5500-SI Switch User Manual

376 CHAPTER 19: ACL CONFIGURATION
g Configure the QoS profile
[SW5500]qos-profile example
[SW5500-qos-profile-example]traffic-limit inbound ip-group 3000 128 exceed drop
[SW5500-qos-profile-example]traffic-priority inbound ip-group 3000 dscp 46
[SW5500-qos-profile-example]quit
h Set user-based mode on the Ethernet1/0/1 port
[SW5500]interface ethernet1/0/1
[SW5500-Ethernet1/0/1]qos-profile user-based
ACL Control Configuration
The Switch supports three major access modes: SNMP (Simple Network Management Protocol) access, Telnet access and HTTP (Hypertext Transfer Protocol) access. Security control is achieved at two levels. At the first level, connection request control, an appropriate ACL configuration ensures that only legal users can connect to the Switch. At the second level, password authentication, only those connected users who present the correct password can log on to the Switch successfully.
This section details only the first level of security control, ACL configuration. See the Getting Started guide for the second level of control.
Configuring ACL for Telnet Users
This configuration filters out malicious or illegal connection requests before password authentication takes place.
Two steps are included in this configuration:
1 Define an ACL
2 Import the ACL to control Telnet users
Defining ACL
Currently only number-based ACLs can be imported, with the number ranging from 2000 to 3999.
Perform the following configuration in System View.
Table 399 Defining Basic ACL

Operation                                  Command
Enter basic ACL (System View)              acl number acl_number match-order { config | auto }
Define a sub-rule (Basic ACL View)         rule [ rule-id ] { permit | deny } [ source { source_addr wildcard | any } | fragment | logging | time-range name ]*
Delete a sub-rule (Basic ACL View)         undo rule rule_id [ source | fragment | logging | time-range ]*
Delete an ACL or all ACLs (System View)    undo acl { number acl_number | all }

You can define multiple rules for an ACL by using the rule command several times.
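The following Python script is an added example, not taken from the 3Com manual, that simulates how a basic ACL of the form shown in Table 399 decides whether a Telnet connection request from a given source address is permitted or denied. It parses rule lines in the manual's syntax (source address with an inverted wildcard mask, or any; the fragment, logging and time-range keywords are accepted but not simulated), enforces the 2000 to 3999 range stated for importable ACLs, and contrasts the two match orders: config evaluates rules in the order entered, while auto is assumed here to evaluate the most specific source first. The sample rule set, the function names and the no-match result of None are all constructed for this illustration.

```python
"""Simulation of a 3Com 5500-style basic ACL applied to Telnet access.
Added example; rule syntax follows Table 399 of the manual, the 'auto'
match-order semantics (most specific source first) are an assumption."""
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional

FULL = 0xFFFFFFFF


@dataclass
class Rule:
    rule_id: int
    action: str                 # "permit" or "deny"
    source: str = "any"         # dotted-quad address or "any"
    wildcard: str = "0.0.0.0"   # inverted mask: bits set to 1 are "don't care"

    def matches(self, addr: str) -> bool:
        if self.source == "any":
            return True
        a = int(ipaddress.IPv4Address(addr))
        s = int(ipaddress.IPv4Address(self.source))
        care = FULL ^ int(ipaddress.IPv4Address(self.wildcard))
        return (a & care) == (s & care)

    def fixed_bits(self) -> int:
        """Number of address bits the rule actually compares; 'any' fixes none."""
        if self.source == "any":
            return 0
        return 32 - bin(int(ipaddress.IPv4Address(self.wildcard))).count("1")


def parse_rule(line: str, next_id: int) -> Rule:
    """Parse: rule [id] {permit|deny} [source {addr wildcard|any}] [fragment] [logging] [time-range name]."""
    tok = line.split()
    if not tok or tok[0] != "rule":
        raise ValueError(f"not a rule line: {line!r}")
    i, rule_id = 1, next_id
    if tok[i].isdigit():             # optional explicit rule-id
        rule_id, i = int(tok[i]), i + 1
    action, i = tok[i], i + 1
    if action not in ("permit", "deny"):
        raise ValueError(f"bad action in {line!r}")
    src, wc = "any", "0.0.0.0"
    while i < len(tok):
        if tok[i] == "source":
            if tok[i + 1] == "any":
                src, wc, i = "any", "0.0.0.0", i + 2
            else:
                src, wc, i = tok[i + 1], tok[i + 2], i + 3
        elif tok[i] == "time-range":
            i += 2                   # keyword plus range name; time windows not simulated
        elif tok[i] in ("fragment", "logging"):
            i += 1                   # accepted but not simulated
        else:
            raise ValueError(f"unknown keyword {tok[i]!r} in {line!r}")
    return Rule(rule_id, action, src, wc)


@dataclass
class BasicAcl:
    number: int
    match_order: str = "config"
    rules: List[Rule] = field(default_factory=list)

    def __post_init__(self):
        # The manual states only ACLs numbered 2000-3999 can be imported for Telnet control.
        if not 2000 <= self.number <= 3999:
            raise ValueError("only ACLs numbered 2000-3999 can be imported for Telnet control")
        if self.match_order not in ("config", "auto"):
            raise ValueError("match-order must be config or auto")

    def add(self, line: str) -> None:
        self.rules.append(parse_rule(line, len(self.rules)))

    def ordered(self) -> List[Rule]:
        if self.match_order == "config":
            return list(self.rules)          # evaluate in the order entered
        # Assumption: 'auto' evaluates the most specific source (most fixed bits) first.
        return sorted(self.rules, key=lambda r: (-r.fixed_bits(), r.rule_id))

    def decide(self, src_addr: str) -> Optional[str]:
        for r in self.ordered():
            if r.matches(src_addr):
                return r.action
        return None  # no rule matched; the default for that case is not stated on this page


def telnet_decision(lines, src_addr, match_order="config", number=2000):
    acl = BasicAcl(number, match_order)
    for ln in lines:
        acl.add(ln)
    return acl.decide(src_addr)


# Constructed sample: a catch-all deny entered before the management-subnet permit.
SAMPLE = [
    "rule 0 deny source any",
    "rule 1 permit source 10.1.1.0 0.0.0.255 logging",
]

if __name__ == "__main__":
    for order in ("config", "auto"):
        print(order, telnet_decision(SAMPLE, "10.1.1.5", order))
```

With match-order config the catch-all deny in rule 0 shadows the permit for the management subnet, so even an administrator at 10.1.1.5 is refused; with the assumed auto ordering the more specific permit is consulted first and the same address is admitted. Checking a rule set against a few representative source addresses this way, before importing it for Telnet control, avoids locking legitimate operators out or leaving the management plane open.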