Configuration Tasks - H3C S9500 Series Operating Manual

Operation Manual – QoS
H3C S9500 Series Routing Switches
Chapter 4 Logon User ACL Control Configuration

4.2.2 Configuration Tasks

Follow these steps to configure ACL for Telnet/SSH users:

To do: Enter system view
Use the command: system-view

To do: Define an ACL and enter ACL view
Use the command: acl number acl-number [ match-order { config | auto } ]
Remarks: Required. The command can only define a number-identified ACL.

To do: Define rules
Use the command (Basic ACL view):
    rule [ rule-id ] { permit | deny } protocol [ packet-level { bridge | route } | source { source-addr wildcard | any } | fragment | time-range name | vpn-instance instance-name ] *
Use the command (Advanced ACL view):
    rule [ rule-id ] { permit | deny } protocol [ packet-level { bridge | route } | source { source-addr wildcard | any } | destination { dest-addr wildcard | any } | source-port operator port1 [ port2 ] | destination-port operator port1 [ port2 ] | icmp-type type code | established | { match-any | match-all } { urg | ack | psh | rst | syn | fin } | precedence precedence | tos tos | dscp dscp | fragment | bt-flag | time-range name | vpn-instance instance-name | ttl ttl-value ] *
Use the command (Layer 2 ACL view):
    rule [ rule-id ] { permit | deny } [ packet-level { bridge | route } | cos cos-value | c-tag-cos c-cos-value | exp exp-value | protocol-type | mac-type { any-broadcast-packet | arp-broadcast-packet | non-arp-broadcast-packet | { { unicast-packet | multicast-packet } [ known | unknown ] } } | ingress { { source-vlan-id [ to source-vlan-id-end ] | source-mac-addr source-mac-wildcard | c-tag-vlan c-tag-vlan } * | any } | egress { dest-mac-addr dest-mac-wildcard | any } | s-tag-vlan s-tag-vlanid | time-range name ] *
Remarks: When Telnet and SSH users use basic and advanced ACLs, only the parameters source-addr and the wildcard, dest-addr and the wildcard parameter, and the time-range keyword in the command are valid. When Telnet and SSH users use a Layer 2 ACL, only the source-mac-addr and the source-mac-wildcard parameter, and the time-range keyword in the command are valid.

To do: Exit ACL view
Use the command: quit

To do: Enter user interface view
Use the command: user-interface [ type ] first-number
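
Added example, not part of the H3C manual: a small Python check that reads ACL configuration text and reports rule keywords that, per the Remarks above, are not valid when the ACL is used for Telnet/SSH users, so a rule that appears to restrict by port or CoS is caught before it is relied on. The keyword sets come from the rule syntax on this page; the ACL numbers, addresses, time-range name and the acl_kinds mapping are constructed assumptions.

```python
import re

# Keywords from the rule syntax on this page that the Remarks say are not
# valid when the ACL is used to control Telnet/SSH users.
IGNORED = {
    "basic": {"packet-level", "fragment", "vpn-instance"},
    "advanced": {"packet-level", "source-port", "destination-port", "icmp-type",
                 "established", "match-any", "match-all", "precedence", "tos",
                 "dscp", "fragment", "bt-flag", "vpn-instance", "ttl"},
    "layer2": {"packet-level", "cos", "c-tag-cos", "exp", "mac-type",
               "c-tag-vlan", "egress", "s-tag-vlan"},
}

def audit(config, acl_kinds):
    """Return [(acl_number, rule_text, [keywords])] for rules that carry
    criteria not applied to Telnet/SSH logon control.
    acl_kinds maps ACL number -> "basic" | "advanced" | "layer2"; it is
    supplied by the caller (assumption: the caller knows each ACL's type)."""
    findings, current = [], None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"acl number (\d+)", line)
        if m:
            current = int(m.group(1))
        elif line == "quit":
            current = None
        elif current in acl_kinds and re.match(r"rule\b", line):
            tokens = line.split()
            # Skip the token after "time-range": it is a name, not a keyword.
            hits = [t for prev, t in zip([""] + tokens, tokens)
                    if t in IGNORED[acl_kinds[current]] and prev != "time-range"]
            if hits:
                findings.append((current, line, hits))
    return findings

# Constructed sample configuration (numbers, addresses and names are made up).
SAMPLE = """\
acl number 3000
 rule 0 permit tcp source 192.0.2.0 0.0.0.255 destination-port eq 22
 rule 5 permit ip source 198.51.100.0 0.0.0.255 time-range workhours
 quit
acl number 4000
 rule 0 permit cos 5 ingress 0000-5e00-5301 ffff-ffff-ffff
 quit
"""
SAMPLE_KINDS = {3000: "advanced", 4000: "layer2"}

if __name__ == "__main__":
    for number, rule, hits in audit(SAMPLE, SAMPLE_KINDS):
        print(f"acl {number}: '{rule}' -> not valid for logon control: {', '.join(hits)}")
```

The check matches keywords only; positional values such as the protocol field or a source VLAN ID inside ingress are not flagged.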
