Filter
Top Products
To do… Use the command… Remarks
Create an Ethernet frame header
ACL and enter its view
acl number acl-number
[ match-order { config | auto } ]
Required
By default, no advanced ACL
exists.
Configure rules for the ACL
rule [ rule-id ] { permit | deny }
rule-string
Required
Exit the advanced ACL view quit —
Enter user interface view
user-interface [ type ] first-number
[ last-number ]
—
Use the ACL to control user login
by source MAC address
acl acl-number inbound
Required
inbound: Filters incoming Telnet
packets.
NOTE:
The above configuration does not take effect if the Telnet client and server are not in the same subnet.
Source MAC-based login control configuration example
Network requirements
As shown in Figure 33, configure an ACL on the Device to permit only incoming Telnet packets sourced
from Host A and Host B.
Figure 33 Network diagram for configuring source MAC-based login control
Configuration procedure
# Configure basic ACL 2000, and configure rule 1 to permit packets sourced from Host B, and rule 2 to
permit packets sourced from Host A.
<Sysname> system-view
[Sysname] acl number 2000 match-order config
[Sysname-acl-basic-2000] rule 1 permit source 10.110.100.52 0
[Sysname-acl-basic-2000] rule 2 permit source 10.110.100.46 0
[Sysname-acl-basic-2000] quit
# Reference ACL 2000 in user interface view to allow Telnet users from Host A and Host B to access the
Device.
80