H3C S5500-SI Series Operation Manual page 958

Follow these steps to control Telnet users by source MAC addresses:
To do...
Enter system view
Create a basic ACL or enter
basic ACL view
Define rules for the ACL
Quit to system view
Enter user interface view
Apply the ACL to control Telnet
users by source MAC
addresses
Layer 2 ACL is invalid for this function if the source IP address of the Telnet client and the interface IP
address of the Telnet server are not in the same subnet.
Configuration Example
Network requirements
Only the Telnet users sourced from the IP address of 10.110.100.52 and 10.110.100.46 are permitted to
log in to the switch.
Figure 7-1 Network diagram for controlling Telnet users using ACLs
10.110.100.46
Host A
IP network
Host B
10.110.100.52
Configuration procedure
# Define a basic ACL.
<Sysname> system-view
Use the command...
system-view
acl number acl-number
[ match-order { config |
auto } ]
rule [ rule-id ] { permit | deny }
rule-string
quit
user-interface [ type ]
first-number [ last-number ]
acl acl-number inbound
Switch
7-3
Remarks
—
As for the acl number
command, the config keyword
is specified by default.
Required
You can define rules as needed
to filter by specific source MAC
addresses.
—
—
Required
The inbound keyword specifies
to filter the users trying to Telnet
to the current switch.