H3C S7500 Series Ethernet Switches Operation Manual
Operation Manual – Login
H3C S7500 Series Ethernet Switches Chapter 6
User Control
| To do… | Use the command… | Remarks |
|---|---|---|
| Define rules for the ACL | rule [ rule-id ] { permit \| deny } protocol [ source { source-addr wildcard \| any } ] [ destination { dest-addr dest-mask \| any } ] [ source-port operator port1 [ port2 ] ] [ destination-port operator port1 [ port2 ] ] [ icmp-type type code ] [ established ] [ [ precedence precedence \| tos tos ]* \| dscp dscp ] [ fragment ] [ time-range time-name ] | Required. You can define rules as needed to filter by specific source and destination IP addresses. |
| Return to system view | quit | — |
| Enter user interface view | user-interface [ type ] first-number [ last-number ] | — |
| Apply the ACL to control Telnet users by specified source and destination IP addresses | acl acl-number { inbound \| outbound } | Required. The inbound keyword specifies to filter the users trying to Telnet to the current switch. The outbound keyword specifies to filter users trying to Telnet to other switches from the current switch. |
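
An added example, not from the H3C manual: a Python check that reads a saved configuration and reports VTY user interfaces that have no inbound ACL, that reference an undefined ACL, or whose ACL contains a permit rule matching any source. The sample configuration is constructed; the `acl number` lines, the ACL numbers and the addresses are assumptions made for illustration.

```python
import re

# Constructed sample config (not from the manual); "acl number", the ACL
# numbers and the addresses are assumed values for illustration.
SAMPLE_CONFIG = """\
acl number 3000
 rule 0 permit tcp source 10.110.100.0 0.0.0.255
 rule 1 deny tcp source any
acl number 3001
 rule 0 permit tcp source any
user-interface vty 0 2
 acl 3000 inbound
user-interface vty 3
 acl 3001 inbound
user-interface vty 4
"""

def parse(config):
    """Return (acls, vtys): ACL number -> rule lines, VTY range -> inbound ACL or None."""
    acls, vtys, acl, vty = {}, {}, None, None
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"acl number (\d+)", line):
            acl, vty = m.group(1), None
            acls[acl] = []
        elif m := re.fullmatch(r"user-interface vty (\d+(?: \d+)?)", line):
            acl, vty = None, m.group(1)
            vtys[vty] = None
        elif acl and line.startswith("rule "):
            acls[acl].append(line)
        elif vty and (m := re.fullmatch(r"acl (\d+) inbound", line)):
            vtys[vty] = m.group(1)
    return acls, vtys

def permits_any_source(rule):
    # Heuristic: a permit rule with "source any" or no source clause is flagged.
    t = rule.split()
    return "permit" in t and ("source" not in t or t[t.index("source") + 1] == "any")

def audit(config):
    acls, vtys = parse(config)
    findings = []
    for vty, acl in vtys.items():
        if acl is None:
            findings.append(f"vty {vty}: no inbound ACL applied")
        elif acl not in acls:
            findings.append(f"vty {vty}: ACL {acl} is not defined")
        elif any(permits_any_source(r) for r in acls[acl]):
            findings.append(f"vty {vty}: ACL {acl} permits any source")
    return findings
```

Calling `audit(SAMPLE_CONFIG)` returns one finding per VTY range that needs attention; VTY lines 0 to 2 pass because ACL 3000 only permits the 10.110.100.0 subnet.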
6.3 Controlling Network Management Users by Source IP Addresses
You can manage an H3C series Ethernet switch through network management software.
Network management users can access switches through SNMP.
You need to perform the following two operations to control network management users
by source IP addresses.
- Defining an ACL
- Applying the ACL to control users accessing the switch through SNMP
6.3.1 Prerequisites
The control policy for network management users is determined, including the
source IP addresses to be controlled and the control actions (permitting or denying).