對路由器的Telnet和Web的登錄訪問控制:新建基本的訪控2000,加入允許訪問的IP地址,分別對VTY和http服務應該訪問2000,保存配置。
<h3c>sys
[h3c]acl number 2000 name loginip
[h3c-acl-basic-2000-loginip]rule permit source 192.168.4.5 0
[h3c-acl-basic-2000-loginip]rule permit source 192.168.5.6 0
[h3c-acl-basic-2000-loginip]quit
[h3c]user-interface vty ?
INTEGER<0-4> First user terminal interface number to be configured
[h3c]user-interface vty 0 4
[h3c-ui-vty0-4]acl 2000 inbound
[h3c-ui-vty0-4]quit
[h3c]ip http acl 2000
[h3c]save
The current configuration will be written to the device. Are you sure? [Y/N]:y
Please input the file name(*.cfg)[flash:/startup.cfg]
(To leave the existing filename unchanged, press the enter key):
flash:/startup.cfg exists, overwrite? [Y/N]:y
Validating file. Please wait....
Configuration is saved to device successfully.
[h3c]quit
以下是配置登錄限制後的日誌監控效果
