Controlling Telnet Users By Acl - 3Com 4500 Configuration Manual

If no ACL is configured on the VTY user interface, users are not controlled when establishing a
Telnet connection using this user interface.
If an ACL is configured on the VTY user interface, there will be two possibilities: if the packets for
establishing a Telnet connection match the ACL rule configured on the VTY user interface, the
connection will be permitted or denied according to the ACL rule; if not, the connection will be
denied directly.

Controlling Telnet Users by ACL

Controlling Telnet users by ACL is achieved by the following two ways:
inbound: Applies the ACL to the users Telnetting to the local switch through the VTY user
interface.
outbound: Applies the ACL to the users Telnetting to other devices through the current user
interface. This keyword is unavailable to Layer 2 ACLs.
You can configure the following three types of ACLs as needed:
Table 9-2 ACL categories
Category
Basic ACL
Advanced ACL
Layer 2 ACL
Source and destination in this manual refer to a Telnet client and a Telnet server respectively.
If the inbound keyword is specified, the Telnet client is the user telnetting to the local switch and
the Telnet server is the local switch.
If the outbound keyword is specified, the Telnet client is the local switch, and the Telnet server is
another device to which the user is telnetting.
Follow these steps to control Telnet users by ACL:
To do...
Enter system view
Create a basic ACL or enter
basic ACL view
Define rules for the ACL
Quit to system view
Enter user interface view
ACL number
2000 to 2999
3000 to 3999
4000 to 4999
Use the command...
system-view
acl number acl-number
[ match-order { auto |
config } ]
rule [ rule-id ] { deny |
permit } [ rule-string ]
quit
user-interface [ type ]
first-number [ last-number ]
9-2
Matching criteria
Source IP address
Source IP address and
destination IP address
Source MAC address
Remarks
—
As for the acl number command, the
config keyword is specified by
default.
Required
—
—