HP 6125G HP 6125G & 6125G/XG Blade Switches Fundamentals Command Refer - Page 20

If you configure two or more ACLs of the same type for a VTY user interface, only the last one takes effect. A basic ACL with the inbound keyword and a basic ACL with the outbound keyword are considered different types of ACLs. The same is true for advanced ACLs. If you apply more than one type of ACL to a VTY user interface, the match order is basic ACL, advanced ACL, and Ethernet frame header ACL. Examples # Allow only the user with the IP address of 192.168.1.26 to access the device through Telnet or SSH. system-view [Sysname] acl number 2001 [Sysname-acl-basic-2001] rule permit source 192.168.1.26 0 [Sysname-acl-basic-2001] quit [Sysname] user-interface vty 0 [Sysname-ui-vty0] acl 2001 inbound After your configuration, user A (with the IP address 192.168.1.26) can Telnet to the device while user B (with the IP address 192.168.1.60) cannot Telnet to the device. Upon a connection failure, a message appears, saying "%connection closed by remote host!" # Allow the device to only Telnet to the Telnet server with IP address 192.168.1.41. system-view [Sysname] acl number 3001 [Sysname-acl-adv-3001] rule permit tcp destination 192.168.1.41 0 [Sysname-acl-adv-3001] quit [Sysname] user-interface vty 0 7 [Sysname-ui-vty0-7] acl 3001 outbound [Sysname-ui-vty0-7] return After your configuration, if you Telnet to 192.168.1.46, your operation fails. telnet 192.168.1.46 %Can't access the host from this terminal! But you can Telnet to 192.168.1.41. telnet 192.168.1.41 Trying 192.168.1.41 ... Press CTRL+K to abort Connected to 192.168.1.41 ... activation-key Syntax activation-key character View undo activation-key AUX user interface view Default level 3: Manage level 13