H3C S9500 Series Operation Manual page 523

Operation Manual – QoS/ACL
H3C S9500 Series Routing Switches
Configuration
procedure
Apply
ACLs
restrict
inbound/o
utbound
requests
of Telnet
or SSH
users
By default, the system does not restrict incoming/outgoing requests.
Note:
You can only use number-based ACLs to implement the ACL control to Telnet or
SSH users.
When you use the basic or advanced ACL to implement the ACL control to Telnet or
SSH users, the incoming/outgoing requests are restricted based on the source or
destination IP addresses. Therefore, only the source-addr and the wildcard, and
dest-addr and the wildcard parameters, and the time-range keyword in the
corresponding command are valid. Similarly, when you use the Layer 2 ACL to
implement the ACL control to the Telnet or SSH users, the incoming/outgoing
requests are restricted based on the source MAC address. Therefore, only the
source-mac-addr and the source-mac-wildcard parameters, and the time-range
keyword in the corresponding command are valid.
When you use Layer 2 ACLs to implement the ACL control to the Telnet or SSH
users, only incoming requests are restricted.
If a user fails to log in due to ACL restriction, the system logs the user failure,
including the IP address, login method, user interface index value and failure
reason.
Apply
basic or acl
advanced outbound }
to
ACLs
Apply
Layer 2 acl acl-number2 inbound
ACLS
Chapter 3 Logon User ACL Control Configuration
Command
acl-number1 { inbound
3-3
Description
The
acl-number1
parameter
indicates the
|
number of the
basic or
advanced ACLs,
in the range of
2,000 to 3,999.
The
acl-number2
parameter
indicates the
number of the
Layer 2 ACL, in
the range of
4,000 to 4,999.