146 CHAPTER 7: ACL CONFIGURATION
ACLs, the incoming/outgoing calls are restricted on the basis of source MAC
addresses. As a result, when you use the rules for L2 ACLs, only the source
MAC and the corresponding mask, and the time-range keyword take effect.
â– When you control telnet and SSH users on the basis of L2 ACLs, only the
incoming calls are restricted.
â– If a user is refused to log in due to ACL restriction, the system will record the
log information about an access failure. The log information includes the user
IP address, login mode, index value for a login user interface and reason for
login failure.
L2 ACL Configuration Example
Configuration Prerequisites Only the TELNET users with 00e0-fc01-0101 and
00e0-fc01-0303 source MAC addresses are allowed to access switches.
Figure 40 Source MAC Control Over TELNET User Accessing Switch
Configuration Steps
# Define L2 ACLs.
<4500>system-view
System View: return to User View with Ctrl+Z.
[4500] acl number 4000 match-order config
# Define rules.
[4500-acl-link-4000] rule 1 permit ingress 00e0-fc01-0101
0000-0000-0000 [4500-acl-link-4000] rule 2 permit ingress
00e0-fc01-0303 0000-0000-0000
[4500-acl-link-4000] rule 3 deny ingress any
[4500-acl-link-4000] quit
# Enter the user interface view.
[4500] user-interface vty 0 4
# Use L2 ACLs, and restrict incoming calls of the user interface.
[4500-user-interface-vty0-4] acl 4000 inbound
To Next Page
Loading...
Need help?
General