The four hosts in the telnet logon restriction configuration can remotely log on to the S3760-A and S3760-B devices. Www.2cto.com now let's make the following restrictions: 1. vlan10 users are only allowed to remotely log on to the S3760-A device, while vlan20 users are not allowed to remotely log on to any of the devices. 2. vlan30 users are only allowed to log on to the S3760-A device, while vlan40 users can log on to any device. According to the preceding requirements, we can configure the ACL on the two devices and apply the acl to the vty port to meet the preceding requirements. Configuration steps: S3760-A # configure S3760-A (config) # interface fastethernet 0/1S3760-A (config-if) # switchport access vlan 10S3760-A (config-if) # no shutS3760-A (config-if) # exitS3760-A (config) # interface fastethernet 0/2S3760-A (config-if) # switchport access vlan 20S3760-A (config-if) # no shutS3760-A (config-if) # exitS3760-A (config) # interface fastethernet 0/10S3760-A (config-if) # no switchportS3760-A (Config-if) # ip address 192.168.1.1 255.255.255.0S3760-A (config-if) # no shutS3760-A (config-if) # exitS3760-A (config) # interface vlan 10S3760-A (config-if) # ip address 192.168.10.1 255.255.255.0S3760-A (config-if) # no shutS3760-A (config-if) # exitS3760-A (config) # interface vlan 20S3760-A (config-if) # ip address 192.168.20.1 255.255.255.0S3760-A (config-if) # no shutS3760-A (config-if) # exitS3760-A (config) # ip route 19 255.30.0 255.255.255.0 192.168.1.2S3760-A (config) # ip route 192.168.40.0 255.255.255.0 192.168.1.2S3760-A (config) # ip access-list standard 10S3760-A (config-std-nacl) # deny192.168.20.0 0.0.0.255S3760-A (config-std-nacl) # permit anyS3760-A (config-std-nacl) # exitS3760-A (config) # line vty 0 4S3760-A (config-line) # password 123456S3760-A (config-line) # access-class 10 inS3760-A (config. line) # exitS3760-A (config )# Enable secret 123456S3760-A (config) # configure on www.2cto.com device S3760-B step: S3760-B # configure terminal. s3760-B (config) # interface fastethernet 0/1S3760-B (config-if) # switchport access vlan 30S3760-B (config-if) # no shutS3760-B (config-if) # exitS3760-B (config) # interface fastethernet 0/2S3760-B (config-if) # switchport access vlan 40S3760-B (config-if) # no shutS3760-B (config-if) # exitS3760-B (config) # interface fastethernet 0/10S3760-B (config-if) # no switchportS3760-B (config-if) # ip address 192.168.1.2 255.255.255.0S3760-B (config-if) # no shutS3760-B (config-if) # exitS3760-B (config) # interface vlan 30S3760-B (config-if) # ip address 192.168.30.1 255.255.255.0S3760-B (config-if) # no shutS3760-B (config-if) # exitS3760-B (config) # interface vlan 40S3760-B (config-if) # ip address 192.168.40.1 255.255.255.0S3760-B (config-if) # no shutS3760- B (config-if) # exitS3760-B (config) # ip route 192.168.10.0 route 255.255.0 192.168.1.1S3760-B (config) # ip route 192.168.20.0 255.255.255.0 192.168.1.1S3760-B (config) # ip access-list standard 20S3760-B (config-std-nacl) # permit 192.168.40.0 0.0.0.255S3760-B (config-std-nacl) # deny anyS3760-B (config-std-nacl) # exitS3760-B (config) # line vty 0 4S3760-B (config-line) # password 123456S3760-B (config-line) # access-class 2 0 inS3760-B (config-line) # exitS3760-B (config) # enable secret 123456S3760-B (config) # end conclusion: The experiment is to configure the ACL and apply it on the VTY port, it is used to prevent unauthorized users from logging on to network devices for management. Because the user first logs on to the device through the VTY port. When a user wants to log on to the device, the first step is to enter the VTY port, but in the experiment, I applied the ACL on the VTY port, so the user will accept the ACL check when entering the VTY, users that comply with the rules can log on. If they do not comply with the rules, logon is prohibited,