F3215-HP Load Balancing Module System Management Command Reference-6PW101
88
The system regards the basic/advanced ACL with the inbound keyword, the basic/advanced ACL with
the outbound keyword, and Ethernet frame header ACL as different types of ACLs, which can coexist in
one VTY user interface. The match order is basic/advanced ACL, Ethernet frame header ACL. At most
one ACL of each type can be referenced in the same VTY user interface, and the most recently configured
one takes effect.
For more information about ACL, see Security Command Reference.
Examples
# Allow only the user with the IP address of 192.168.1.26 to access the device through Telnet or SSH.
<Sysname> system-view
[Sysname] acl number 2001
[Sysname-acl-basic-2001] rule permit source 192.168.1.26 0
[Sysname-acl-basic-2001] quit
[Sysname] user-interface vty 0
[Sysname-ui-vty0] acl 2001 inbound
After the configuration, user A (with the IP address 192.168.1.26) can Telnet to the device, but user B (with
the IP address 192.168.1.60) cannot. Upon a connection failure, a message appears: "%connection
closed by remote host!"
# Allow the device to only Telnet to the Telnet server with IP address 192.168.1.41.
<Sysname> system-view
[Sysname] acl number 3001
[Sysname-acl-adv-3001] rule permit tcp destination 192.168.1.41 0
[Sysname-acl-adv-3001] quit
[Sysname] user-interface vty 0 4
[Sysname-ui-vty0-4] acl 3001 outbound
[Sysname-ui-vty0-4] return
<Sysname>
After your configuration, if you Telnet to 192.168.1.46, your operation fails.
<Sysname> telnet 192.168.1.46
%Can't access the host from this terminal!
But you can Telnet to 192.168.1.41.
<Sysname> telnet 192.168.1.41
Trying 192.168.1.41 ...
Press CTRL+K to abort
Connected to 192.168.1.41 ...
free web-users
Use free web-users to log out Web users.
Syntax
free web-users { all | user-id user-id | user-name user-name }
Views
User view
Default command level
2: System level