•  If no ACL is configured on the VTY user interface, users are not controlled when establishing a Telnet connection through this user interface.
•  If an ACL is configured on the VTY user interface, there are two possibilities: if the packets for establishing a Telnet connection match a rule of the ACL configured on the VTY user interface, the connection is permitted or denied according to that rule; if they match no rule, the connection is denied directly.
Controlling Telnet Users by ACL
Controlling Telnet users by ACL is achieved in the following two ways:
•  inbound: Applies the ACL to the users Telnetting to the local switch through the VTY user interface.
•  outbound: Applies the ACL to the users Telnetting to other devices through the current user interface. This keyword is unavailable to Layer 2 ACLs.
You can configure the following three types of ACLs as needed:
Table 9-2 ACL categories
Category        ACL number      Matching criteria
Basic ACL       2000 to 2999    Source IP address
Advanced ACL    3000 to 3999    Source IP address and destination IP address
Layer 2 ACL     4000 to 4999    Source MAC address

Note: Source and destination in this manual refer to a Telnet client and a Telnet server respectively.
•  If the inbound keyword is specified, the Telnet client is the user Telnetting to the local switch and the Telnet server is the local switch.
•  If the outbound keyword is specified, the Telnet client is the local switch, and the Telnet server is another device to which the user is Telnetting.

Follow these steps to control Telnet users by ACL:
To do…                                      Use the command…                                                  Remarks
Enter system view                           system-view                                                       —
Create a basic ACL or enter basic ACL view  acl number acl-number [ match-order { auto | config } ]           For the acl number command, the config keyword is used by default.
Define rules for the ACL                    rule [ rule-id ] { deny | permit } [ rule-string ]                Required
Quit to system view                         quit                                                              —
Enter user interface view                   user-interface [ type ] first-number [ last-number ]              —
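The procedure above, carried through as a worked configuration. This is an added illustration, not a configuration example from the manual: the switch name, VTY range and all IP addresses are constructed, lines beginning with # are annotations rather than commands, and the final acl 2000 inbound line in user interface view is the Comware command that applies the ACL to the VTY lines, assumed from the device CLI because the steps table on this page ends before that step.

```text
# Added example (not from the manual). Lines beginning with "#" are annotations, not commands.
# Goal: permit Telnet to the local switch only from the management subnet
# 192.168.10.0/24 and from the single host 10.1.1.5 (both constructed addresses).
<Switch> system-view
# Basic ACL (2000 to 2999): matches on source IP address only.
# match-order config is the default and may be omitted; shown here for clarity.
[Switch] acl number 2000 match-order config
# Wildcard 0.0.0.255 covers the whole /24; wildcard 0 matches exactly one host.
[Switch-acl-basic-2000] rule 0 permit source 192.168.10.0 0.0.0.255
[Switch-acl-basic-2000] rule 1 permit source 10.1.1.5 0
# No explicit deny rule is needed: once the ACL is applied to the VTY user
# interface, a Telnet client whose packets match no rule is denied directly.
[Switch-acl-basic-2000] quit
# Enter user interface view for VTY lines 0 through 4 (constructed range).
[Switch] user-interface vty 0 4
# Assumed Comware command, not on this page: apply the ACL to users Telnetting
# to the local switch (inbound). For users Telnetting onward from this switch,
# the outbound keyword would be used instead.
[Switch-ui-vty0-4] acl 2000 inbound
[Switch-ui-vty0-4] return
```

Because a non-matching source is denied as soon as the ACL is applied, check that every host an administrator will Telnet from is covered by a permit rule before entering the acl ... inbound command; a basic ACL that omits the management subnet locks the VTY lines to everyone outside the rules.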