7-3
Controlling Telnet Users by Source MAC Addresses
Controlling Telnet users by source MAC addresses is achieved by applying Layer 2 ACLs, which are
numbered from 4000 to 4999.
Follow these steps to control Telnet users by source MAC addresses:
To do… Use the command… Remarks
Enter system view
system-view
—
Create or enter Layer 2 ACL
view
acl number acl-number
—
Define rules for the ACL
rule [ rule-id ] { deny |
permit } [ rule-string ]
Required
You can define rules as needed to
filter by specific source MAC
addresses.
Quit to system view
quit
—
Enter user interface view
user-interface [ type ]
first-number [ last-number ]
—
Apply the ACL to control
Telnet users by specified
source MAC addresses
acl acl-number inbound
Required
By default, no ACL is applied for
Telnet users.
Configuration Example
Network requirements
As shown in Figure 7-1, only the Telnet users sourced from the IP address of 10.110.100.52 are
permitted to access the switching engine.
Figure 7-1 Network diagram for controlling Telnet users using ACLs
Configuration procedure
# Define a basic ACL.
<device> system-view
[device] acl number 2000
[device-acl-basic-2000] rule 1 permit source 10.110.100.52 0
[device-acl-basic-2000] quit
# Apply the ACL.
[device] user-interface vty 0 4
[device-ui-vty0-4] acl 2000 inbound
