R3166-R3206-HP High-End Firewalls Getting Started Guide-6PW101
| To do… | Use the command… | Remarks |
|---|---|---|
| Create an Ethernet frame header ACL and enter its view, or enter the view of an existing Ethernet frame header ACL | acl number acl-number [ match-order { config \| auto } ] | Required. By default, no advanced ACL exists. |
| Configure rules for the ACL | rule [ rule-id ] { permit \| deny } rule-string | Required |
| Exit the advanced ACL view | quit | — |
| Enter user interface view | user-interface [ type ] first-number [ last-number ] | — |
| Use the ACL to control user login by source MAC address | acl acl-number inbound | Required. inbound: Filters incoming Telnet packets. |
NOTE:
The configuration does not take effect if the Telnet client and server are not in the same subnet.
Source MAC-based login control configuration example
1. Network requirements
As shown in Figure 71, configure an ACL on the Firewall to permit only Telnet packets sourced from Host A and Host B.
Figure 71 Network diagram for configuring source MAC-based login control
2. Configuration procedure
# Create basic ACL 2000, and configure rule 1 to permit packets sourced from Host B, and rule 2 to
permit packets sourced from Host A.
<Firewall> system-view
[Firewall] acl number 2000 match-order config
[Firewall-acl-basic-2000] rule 1 permit source 10.110.100.52 0
[Firewall-acl-basic-2000] rule 2 permit source 10.110.100.46 0
[Firewall-acl-basic-2000] quit
# Reference ACL 2000 in user interface view to allow Telnet users from Host A and Host B to access the
Firewall.
[Firewall] user-interface vty 0 4
Firewall
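The following Python example is added here and is not part of the HP guide: it parses the two ACL 2000 rule lines from the procedure above and evaluates source addresses in match-order config (ascending rule ID) order, so the effect of the wildcard can be checked before the ACL is applied to the VTY lines. The function names, the 10.110.100.53 and 10.110.100.200 test addresses, the wide-wildcard rule, and the deny result when no rule matches are assumptions made for illustration.

```python
import ipaddress
import re

# Rule lines copied from the configuration procedure above.
ACL_2000 = """
rule 1 permit source 10.110.100.52 0
rule 2 permit source 10.110.100.46 0
"""

RULE_RE = re.compile(r"rule\s+(\d+)\s+(permit|deny)\s+source\s+(\S+)\s+(\S+)")


def parse_rules(text):
    """Return [(rule_id, action, address, wildcard)] sorted by rule ID."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.search(line)
        if not m:
            continue
        rule_id, action, addr, wild = m.groups()
        # A wildcard written as "0" is 0.0.0.0, i.e. an exact host match.
        wild = "0.0.0.0" if wild == "0" else wild
        rules.append((int(rule_id), action,
                      int(ipaddress.IPv4Address(addr)),
                      int(ipaddress.IPv4Address(wild))))
    # match-order config: rules are tried in ascending rule ID order.
    return sorted(rules)


def evaluate(rules, source):
    """Return (action, rule_id); rule_id is None when no rule matched."""
    src = int(ipaddress.IPv4Address(source))
    for rule_id, action, addr, wild in rules:
        care = ~wild & 0xFFFFFFFF  # bits set in the wildcard are ignored
        if (src & care) == (addr & care):
            return action, rule_id
    # Assumption: a source matching no rule is refused, as the example's
    # "permit only" requirement implies.
    return "deny", None


if __name__ == "__main__":
    rules = parse_rules(ACL_2000)
    # Host B, Host A, and one constructed address that is neither.
    for ip in ("10.110.100.52", "10.110.100.46", "10.110.100.53"):
        print(ip, evaluate(rules, ip))
    # Constructed variant: a 0.0.0.255 wildcard admits the whole /24.
    loose = parse_rules("rule 1 permit source 10.110.100.52 0.0.0.255")
    print("10.110.100.200", evaluate(loose, "10.110.100.200"))
```
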