210 CHAPTER 23: LOGON USER ACL CONTROL CONFIGURATION
By default, the system does not restrict incoming/outgoing requests.
Define rules
Basic ACL view
rule [ rule-id ] { permit |
deny } [ source {
source-addr wildcard | any
} | fragment | time-range
name | vpn-instance
instance-name ]*
When Telnet and SSH
users use basic and
advanced ACLs, only the
parameters source-addr
and the wildcard,
dest-addr and the wildcard
parameter, and the
time-range keyword in
the command are valid.
Advanced ACL
view
rule [ rule-id ] { permit |
deny } protocol [ source {
source-addr wildcard | any
} ] [ destination {
dest-addr wildcard | any } ]
[ source-port operator
port1 [ port2 ] ] [
destination-port
operator port1 [ port2 ] ] [
icmp-type type code ] [
established ] [ [
precedence precedence |
tos tos ]* | dscp dscp ] [
fragment ] [bt-flag ]
[time-range name ] [
vpn-instance
instance-name ]
Layer 2 ACL view
rule [ rule-id ] { permit |
deny } [ cos cos-value |
c-tag-cos c-cos-value |
exp exp-value |
protocol-type | mac-type {
any-broadcast-packet |
arp-broadcast-packet |
non-arp-broadcast-pack
et | { { unicast-packet |
multicast-packet } [
known | unknown ] } } |
ingress { { source-vlan-id [
to source-vlan-id-end ] |
source-mac-addr
source-mac-wildcard |
c-tag-vlan c-tag-vlanid }* |
any } | egress {
dest-mac-addr
dest-mac-wildcard | any } |
s-tag-vlan s-tag-vlanid |
time-range name ]*
When Telnet and SSH
users use an Layer 2 ACL,
only the source-mac-addr
and the
source-mac-wildcard
parameter, and the
time-range keyword in
the command are valid.
Exit ACL view quit -
Enter user interface view
user-interface [ type ]
first-number
-
Apply ACLs to
restrict
inbound/outboun
d requests of
Telnet or SSH
users
Apply basic or
advanced ACLs
acl acl-number1 {
inbound | outbound }
The acl-number1
parameter indicates the
number of the basic or
advanced ACLs, in the
range of 2,000 to 3,999.
Apply Layer 2
ACLS
acl acl-number2 inbound
The acl-number2
parameter indicates the
number of the Layer 2
ACL, in the range of 4,000
to 4,999.
Table 181 Configuration tasks
Configuration procedure Command Description
To Next Page
Loading...
