Operation Manual – QoS/ACL
H3C S9500 Series Routing Switches
3.2.3 Layer 2 ACL Control Configuration Example
I. Network requirements
Only the Telnet users with source MAC addresses 00e0-fc01-0101 and
00e0-fc01-0303 are allowed to access the switch.
II. Network diagram
PC
PC
Switch
Switch
Switch
Switch
Figure 3-1 Network diagram for source MAC address control over Telnet users
III. Configuration procedure
# Define an Layer 2 ACL.
<H3C>system-view
System View: return to User View with Ctrl+Z.
[H3C] acl number 4000 match-order config
# Define rules.
[H3C-acl-link-4000] rule 1 permit ingress 00e0-fc01-0101 0000-0000-0000
[H3C-acl-link-4000] rule 2 permit ingress 00e0-fc01-0303 0000-0000-0000
[H3C-acl-link-4000] rule 3 deny ingress any
[H3C-acl-link-4000] quit
# Enter user interface view
[H3C] user-interface vty 0 4
# Apply the Layer 2 ACL to restrict incoming requests.
[H3C-user-interface-vty0-4] acl 4000 inbound
3.2.4 Basic ACL Control Configuration Example
I. Network requirements
Only the Telnet users with IP addresses of 10.110.100.52 and 10.110.100.46 can
access the switch.
Chapter 3 Logon User ACL Control Configuration
3-4