To do… | Use the command… | Remarks

Apply an ACL to control Telnet users by ACL (Required. Use either command):

Apply a basic or advanced ACL to control Telnet users:
acl acl-number { inbound | outbound }

Apply a Layer 2 ACL to control Telnet users:
acl acl-number inbound

Remarks:
• The inbound keyword specifies to filter the users trying to Telnet to the current switch.
• The outbound keyword specifies to filter users trying to Telnet to other switches from the current switch.
Configuration Example
Network requirements
Only the Telnet users sourced from the IP address of 10.110.100.52 are permitted to access the switch.
Network diagram
Figure 9-1 Network diagram for controlling Telnet users using ACLs
[Figure not reproduced. Labels in the diagram: Switch, 10.110.100.46, Host A, IP network, Host B, 10.110.100.52]
Configuration procedure
# Define a basic ACL.
<Sysname> system-view
[Sysname] acl number 2000
[Sysname-acl-basic-2000] rule 1 permit source 10.110.100.52 0
[Sysname-acl-basic-2000] quit
# Apply the ACL.
[Sysname] user-interface vty 0 4
[Sysname-ui-vty0-4] acl 2000 inbound
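The following is an added example, not part of the 3Com manual: a small Python audit that reads configuration text in the shape of the procedure above and reports whether a given source address would be accepted on a VTY line. The function names, the sample text, and the assumptions that rules are checked in ascending rule-ID order and that an unmatched source is refused are mine.

```python
import ipaddress
import re

# Constructed sample in the shape of the configuration procedure above.
SAMPLE_CONFIG = """\
acl number 2000
 rule 1 permit source 10.110.100.52 0
user-interface vty 0 4
 acl 2000 inbound
"""

def _to_int(addr):
    return 0 if addr == "0" else int(ipaddress.IPv4Address(addr))

def parse(config):
    """Return (acls, vty): acls[number] = [(rule_id, action, addr, wildcard)],
    vty[(first, last)] = number of the ACL applied inbound, or None."""
    acls, vty, ctx = {}, {}, None
    for text in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"acl number (\d+)", text):
            ctx = acls.setdefault(int(m[1]), [])
        elif m := re.fullmatch(r"user-interface vty (\d+)(?: (\d+))?", text):
            ctx = (int(m[1]), int(m[2] or m[1]))
            vty.setdefault(ctx, None)
        elif text == "#":
            ctx = None  # section separator in saved configurations
        elif isinstance(ctx, list) and (m := re.fullmatch(
                r"rule (\d+) (permit|deny) source (\S+) (\S+)", text)):
            ctx.append((int(m[1]), m[2], m[3], m[4]))
        elif isinstance(ctx, tuple) and (m := re.fullmatch(r"acl (\d+) inbound", text)):
            vty[ctx] = int(m[1])
    return acls, vty

def telnet_allowed(config, line, src):
    """True if a Telnet session from src to VTY `line` would be accepted."""
    acls, vty = parse(config)
    number = next((n for (lo, hi), n in vty.items() if lo <= line <= hi), None)
    if number is None:
        return True  # no inbound ACL on this line: sources are not filtered
    # Assumptions: rules are checked in ascending rule-ID order and a source
    # matching no rule is refused, as the "only ... permitted" example implies.
    for _, action, addr, wildcard in sorted(acls[number]):
        # Wildcard bits set to 1 are ignored; "0" means match the host exactly.
        if (_to_int(src) ^ _to_int(addr)) & ~_to_int(wildcard) & 0xFFFFFFFF == 0:
            return action == "permit"
    return False
```

Run against a saved configuration, this flags VTY ranges that have no inbound ACL at all, which is the case where Telnet sources are not restricted.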
Controlling Network Management Users by Source IP Addresses
You can manage Switch 4500 through network management software. Network management users can
access switches through SNMP.
You need to perform the following two operations to control network management users by source IP
addresses.