146 CHAPTER 7: ACL CONFIGURATION
ACLs, the incoming/outgoing calls are restricted on the basis of source MAC addresses. As a result, when you use the rules for L2 ACLs, only the source MAC and the corresponding mask, and the time-range keyword take effect.
■ When you control telnet and SSH users on the basis of L2 ACLs, only the incoming calls are restricted.
■ If a user is refused to log in due to ACL restriction, the system will record the log information about an access failure. The log information includes the user IP address, login mode, index value for a login user interface and reason for login failure.
L2 ACL Configuration Example
Configuration Prerequisites
Only the TELNET users with 00e0-fc01-0101 and 00e0-fc01-0303 source MAC addresses are allowed to access switches.
Figure 40 Source MAC Control Over TELNET User Accessing Switch
Configuration Steps
# Define L2 ACLs.
<4500>system-view
System View: return to User View with Ctrl+Z.
[4500] acl number 4000 match-order config
# Define rules.
[4500-acl-link-4000] rule 1 permit ingress 00e0-fc01-0101 0000-0000-0000
[4500-acl-link-4000] rule 2 permit ingress 00e0-fc01-0303 0000-0000-0000
[4500-acl-link-4000] rule 3 deny ingress any
[4500-acl-link-4000] quit
# Enter the user interface view.
[4500] user-interface vty 0 4
# Use L2 ACLs, and restrict incoming calls of the user interface.
[4500-user-interface-vty0-4] acl 4000 inbound
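To check that an L2 ACL says what you intend before binding it to the VTY lines, it helps to model how the rules above are evaluated. The following Python script is an added example written for this page; it is not part of the switch software or the 3Com manual. It parses the three rule lines from the configuration above, applies them in rule-number order (the assumed meaning of match-order config for rules entered in sequence), and treats the mask the way a wildcard mask works, where 0 bits in the mask must match and 1 bits are ignored (an assumption; 0000-0000-0000 therefore means an exact match). It also builds the access-failure record the manual describes (user IP, login mode, user interface index, reason) when a login is refused. The sample MAC addresses, IP address and VTY index used in the checks are constructed for illustration. The behaviour when no rule matches is not stated on this page, so the script reports "no matching rule" rather than guessing a default.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

MAC_RE = re.compile(r"^[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}$")
MAC_BITS = 0xFFFFFFFFFFFF  # 48-bit MAC address

def parse_mac(text: str) -> int:
    """Parse a MAC in the switch's xxxx-xxxx-xxxx notation into a 48-bit integer."""
    text = text.strip().lower()
    if not MAC_RE.match(text):
        raise ValueError(f"bad MAC address: {text!r}")
    return int(text.replace("-", ""), 16)

@dataclass(frozen=True)
class L2Rule:
    number: int
    action: str            # "permit" or "deny"
    mac: Optional[int]     # None means "any"
    wildcard: int          # assumed wildcard semantics: 0 bits compared, 1 bits ignored

    def matches(self, src_mac: int) -> bool:
        if self.mac is None:
            return True
        care = ~self.wildcard & MAC_BITS
        return (src_mac & care) == (self.mac & care)

# Accepts the two rule shapes used on this page:
#   rule N permit|deny ingress <mac> <mask>
#   rule N permit|deny ingress any
RULE_RE = re.compile(
    r"^rule\s+(\d+)\s+(permit|deny)\s+ingress\s+(?:(any)|(\S+)\s+(\S+))$", re.I)

def parse_rule(line: str) -> L2Rule:
    """Turn one 'rule ...' configuration line into an L2Rule."""
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised rule line: {line!r}")
    number, action, any_kw, mac_txt, mask_txt = m.groups()
    if any_kw:
        return L2Rule(int(number), action.lower(), None, MAC_BITS)
    return L2Rule(int(number), action.lower(), parse_mac(mac_txt), parse_mac(mask_txt))

class L2Acl:
    def __init__(self, number: int, rule_lines: List[str]):
        self.number = number
        # match-order config: rules are tried in configured order; here that is rule-number order.
        self.rules = sorted((parse_rule(l) for l in rule_lines), key=lambda r: r.number)

    def evaluate(self, src_mac_txt: str) -> Tuple[Optional[str], Optional[int]]:
        """Return (action, rule number) of the first matching rule, or (None, None)."""
        src = parse_mac(src_mac_txt)
        for rule in self.rules:
            if rule.matches(src):
                return rule.action, rule.number
        return None, None  # no rule matched; the device default is not stated on the page

def login_check(acl: L2Acl, src_mac: str, user_ip: str, login_mode: str, vty_index: int) -> dict:
    """Decide an incoming login and, on refusal, build the access-failure log record."""
    action, rule = acl.evaluate(src_mac)
    if action == "permit":
        return {"allowed": True, "rule": rule, "log": None}
    reason = f"denied by acl {acl.number} rule {rule}" if rule is not None else "no matching rule"
    log = {
        "user_ip": user_ip,                 # fields listed by the manual for an access failure
        "login_mode": login_mode,
        "user_interface_index": vty_index,
        "reason": reason,
    }
    return {"allowed": False, "rule": rule, "log": log}

# The three rule lines from the configuration example above (acl number 4000).
acl_4000 = L2Acl(4000, [
    "rule 1 permit ingress 00e0-fc01-0101 0000-0000-0000",
    "rule 2 permit ingress 00e0-fc01-0303 0000-0000-0000",
    "rule 3 deny ingress any",
])

if __name__ == "__main__":
    # Constructed sample logins: two allowed MACs and one that rule 3 refuses.
    for mac in ("00e0-fc01-0101", "00e0-fc01-0303", "00e0-fc01-0202"):
        print(mac, login_check(acl_4000, mac, "10.0.0.5", "telnet", 0))
```

Running the script prints a permit for the two listed MACs and a deny, with the log record, for any other source MAC. Because the wildcard handling is general, the same L2Acl class can also be used to test rules written with a non-zero mask, such as one that admits a whole vendor prefix, before it is configured on the switch.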