3com 4500 26-PORT User Manual

CHAPTER 8: USING QOS/ACL COMMANDS
ACL Commands List 
This section describes how to use the ACL configuration commands on your 
Switch 4500.
acl
Syntax
acl acl-number1 { inbound | outbound }
undo acl acl-number1 { inbound | outbound }
acl acl-number2 inbound
undo acl acl-number2 inbound
View
User interface view
Parameter
acl-number1: Number of number-based basic and advanced ACLs, in the 
range of 2,000 to 3,999.
acl-number2: Number of number-based L2 ACLs, in the range of 4,000 to 
4,999.
inbound: Applies ACL control to users logging in to the local 
switch through TELNET or SSH.
outbound: Applies ACL control to users logging in to other 
switches from the local switch through TELNET or SSH.
Description
Use the acl command to apply an ACL to TELNET or SSH users, restricting 
their logins.
Use the undo acl command to cancel the ACL control over TELNET or SSH users.
You can only use number-based ACLs for TELNET or SSH user ACL control.
When a basic or advanced ACL is applied to TELNET or SSH users, the 
incoming/outgoing calls are restricted on the basis of the source or destination 
IP address. As a result, within the rules of basic and advanced ACLs, only the 
source IP and the corresponding mask, the destination IP and the corresponding 
mask, and the time-range keyword take effect. When an L2 ACL is applied to 
TELNET and SSH users, the incoming/outgoing calls are restricted on the basis of 
source MAC addresses. As a result, within the rules of L2 ACLs, only the source 
MAC and the corresponding mask, and the time-range keyword take effect.
When you control TELNET and SSH users on the basis of L2 ACLs, only the 
incoming calls are restricted.
If a user is refused login because of an ACL restriction, the system records 
log information about the access failure. The log information includes the user 
IP address, the login mode, the index value of the login user interface and the 
reason for the login failure.
By default, the incoming/outgoing calls of the user interface are not restricted.
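The following audit sketch is an added example, not part of the 3Com manual. It checks a saved configuration against the rules above: the unrestricted default, the inbound-only L2 range, and rule fields that have no effect for login control. The `acl number`, `rule` and `user-interface vty` line formats, the `IGNORED` keyword set and the sample configuration are assumptions constructed for illustration.

```python
import re

# Constructed sample. "acl <number> inbound|outbound" follows this page; the
# "acl number", "rule" and "user-interface vty" lines are assumed syntax.
SAMPLE_CONFIG = """\
acl number 2000
 rule 0 permit source 192.0.2.0 0.0.0.255
acl number 3000
 rule 0 permit tcp source 192.0.2.0 0.0.0.255 destination-port eq 23
user-interface vty 0 1
 acl 2000 inbound
user-interface vty 2
 acl 3000 inbound
 acl 4000 outbound
user-interface vty 3 4
"""

# Assumed rule keywords that fall outside source/destination IP and time-range,
# so they have no effect when the ACL is used for TELNET/SSH login control.
IGNORED = {"source-port", "destination-port", "icmp-type"}

def audit(config):
    """Return (user_interface, finding) tuples for login ACL bindings."""
    rules, bound, acl, ui = {}, {}, None, None
    for text in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"acl number (\d+)", text):
            acl, ui = int(m[1]), None
            rules[acl] = []
        elif text.startswith("user-interface "):
            ui, acl = text, None
            bound[ui] = []
        elif text.startswith("rule ") and acl is not None:
            rules[acl].append(text)
        elif ui and (m := re.fullmatch(r"acl (\d+) (inbound|outbound)", text)):
            bound[ui].append((int(m[1]), m[2]))
    findings = []
    for ui, refs in bound.items():
        if not any(d == "inbound" for _, d in refs):
            findings.append((ui, "no inbound ACL: incoming logins unrestricted"))
        for num, direction in refs:
            if not 2000 <= num <= 4999:
                findings.append((ui, f"ACL {num}: outside 2000-4999"))
            elif num >= 4000 and direction == "outbound":
                findings.append((ui, f"ACL {num}: L2 ACL restricts incoming calls only"))
            for rule in rules.get(num, []):
                if hit := sorted(IGNORED & set(rule.split())):
                    findings.append((ui, f"ACL {num}: no effect here: {', '.join(hit)}"))
    return findings

if __name__ == "__main__":
    for ui, finding in audit(SAMPLE_CONFIG):
        print(f"{ui}: {finding}")
```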
Example
# Implement ACL control over users logging into local switch in the TELNET mode. 
(You have defined basic ACL 2000)
<4500>system-view
System View: return to User View with Ctrl+Z.