3com 8807 User Guide
Configuring ACL for Telnet/SSH Users
■ You can use only number-based ACLs to apply ACL control to Telnet or SSH users.
■ When you use a basic or advanced ACL to apply ACL control to Telnet or SSH users, the incoming/outgoing requests are restricted based on the source or destination IP addresses. Therefore, only the source-addr and wildcard parameters, the dest-addr and wildcard parameters, and the time-range keyword in the corresponding command are valid. Similarly, when you use a Layer 2 ACL to apply ACL control to Telnet or SSH users, the incoming/outgoing requests are restricted based on the source MAC address. Therefore, only the source-mac-addr and source-mac-wildcard parameters and the time-range keyword in the corresponding command are valid.
■ When you use Layer 2 ACLs to apply ACL control to Telnet or SSH users, only incoming requests are restricted.
■ If a user fails to log in due to ACL restriction, the system logs the user failure, including the IP address, login method, user interface index value and failure reason.
Layer 2 ACL Control Configuration Example
Network requirements
Only the Telnet users with source MAC addresses 00e0-fc01-0101 and 00e0-fc01-0303 are allowed to access the switch.
Network diagram
Figure 54 Network diagram for source MAC address control over Telnet users
Configuration procedure
# Define a Layer 2 ACL.
<SW8800>system-view
System View: return to User View with Ctrl+Z.
[SW8800] acl number 4000 match-order config
# Define rules.
[3Com-acl-link-4000] rule 1 permit ingress 00e0-fc01-0101 0000-0000-0000
[3Com-acl-link-4000] rule 2 permit ingress 00e0-fc01-0303 0000-0000-0000
[3Com-acl-link-4000] rule 3 deny ingress any
[3Com-acl-link-4000] quit
# Enter user interface view
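The following Python sketch is an added example, not part of the 3Com guide or the switch software. It models how the three ACL 4000 rules above decide a Telnet source MAC in configured order and flags permit rules whose wildcard admits more than one address. It assumes that a 0 bit in source-mac-wildcard means "must match", which is consistent with the 0000-0000-0000 host entries above; the function names and the 00e0-fc01-0202 test address are constructed for illustration.

```python
import re

# Rules copied from the configuration procedure on this page (ACL 4000).
ACL_4000 = """\
rule 1 permit ingress 00e0-fc01-0101 0000-0000-0000
rule 2 permit ingress 00e0-fc01-0303 0000-0000-0000
rule 3 deny ingress any
"""

ALL_BITS = (1 << 48) - 1
RULE_RE = re.compile(r"rule\s+(\d+)\s+(permit|deny)\s+ingress\s+(?:any|(\S+)\s+(\S+))$")

def mac_to_int(mac):
    """Convert xxxx-xxxx-xxxx (also ':' or '.' separated) to a 48-bit int."""
    digits = re.sub(r"[-:.]", "", mac)
    if not re.fullmatch(r"[0-9a-fA-F]{12}", digits):
        raise ValueError(f"bad MAC address: {mac!r}")
    return int(digits, 16)

def parse_acl(text):
    """Return [(rule_id, action, addr, wildcard)] in configured order."""
    rules = []
    for line in filter(None, map(str.strip, text.splitlines())):
        m = RULE_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised rule: {line!r}")
        if m.group(3) is None:              # "any": every bit is don't-care
            addr, wildcard = 0, ALL_BITS
        else:
            addr, wildcard = mac_to_int(m.group(3)), mac_to_int(m.group(4))
        rules.append((int(m.group(1)), m.group(2), addr, wildcard))
    return rules

def evaluate(rules, src_mac):
    """First matching rule decides (match-order config): (action, rule_id)."""
    src = mac_to_int(src_mac)
    for rule_id, action, addr, wildcard in rules:
        care = ~wildcard & ALL_BITS         # assumption: 0 bits must match
        if (src & care) == (addr & care):
            return action, rule_id
    return "no-match", None                 # not reached when the ACL ends in deny any

def audit(rules):
    """Rule ids of permit rules whose wildcard admits more than one MAC."""
    return [rid for rid, action, _, wc in rules if action == "permit" and wc != 0]

if __name__ == "__main__":
    acl = parse_acl(ACL_4000)
    for mac in ("00e0-fc01-0101", "00e0-fc01-0303", "00e0-fc01-0202"):  # last MAC is constructed
        print(mac, evaluate(acl, mac))
    print("over-broad permit rules:", audit(acl))
```

Running the audit before pasting rules into the switch catches a mistyped wildcard that would silently widen management access beyond the two intended hosts.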