8-3Controlling Telnet Users by Source MAC AddressesThis configuration needs to be implemented by Layer 2 ACL; a Layer 2 ACL ranges from 4000 to 4999.For the definition of ACL, refer to ACL Configuration in the Security Volume.Follow these steps to control Telnet users by source MAC addresses:To do… Use the command… RemarksEnter system view system-view —Create a basic ACL or enterbasic ACL viewacl number acl-number[ match-order { config |auto } ]As for the acl numbercommand, the config keywordis specified by default.Define rules for the ACL rule [ rule-id ] { permit | deny }rule-stringRequiredYou can define rules as neededto filter by specific source MACaddresses.Quit to system view quit —Enter user interface view user-interface [ type ]first-number [ last-number ] —Apply the ACL to control Telnetusers by source MACaddressesacl acl-number inboundRequiredThe inbound keywordspecifies to filter the userstrying to Telnet to the currentswitch.Layer 2 ACL is invalid for this function if the source IP address of the Telnet client and the interface IPaddress of the Telnet server are not in the same subnet.Configuration ExampleNetwork requirementsOnly the Telnet users sourced from the IP address of 10.110.100.52 and 10.110.100.46 are permitted tolog in to the switch.Figure 8-1 Network diagram for controlling Telnet users using ACLsSwitch10.110.100.46Host AIP networkHost B10.110.100.52