Limiting management access to the Huawei SmartAX MA5600

For example, to allow telnet connections to a Huawei SmartAX MA5600 series device only from the IP address ranges 192.168.0.100-192.168.0.254 and 172.16.24.1-172.16.24.50, connect to the device and enter configuration mode:

enable
config

Then run the following commands (access from addresses that are not listed is denied immediately):

sysman ip-access telnet 192.168.0.100 192.168.0.254
sysman ip-access telnet 172.16.24.1 172.16.24.50
sysman firewall telnet enable

Similarly for SSH:

sysman ip-access ssh 192.168.0.100 192.168.0.254
sysman firewall ssh enable

And for SNMP, for example from a single IP address:

sysman ip-access snmp 192.168.0.100 192.168.0.100
sysman firewall snmp enable

To deny access from a specific subnet, use ip-refuse instead of ip-access, for example:

sysman ip-refuse telnet 192.168.1.200 192.168.1.220
sysman firewall telnet enable
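
Because unlisted addresses are cut off as soon as the firewall is enabled, it is worth checking the ranges against your own management stations first. The script below is an added example, not part of the original article or of any Huawei tooling: it parses the sysman ip-access lines shown above and reports, per protocol, whether a station would be admitted. The station addresses are hypothetical, and ip-refuse rules are not modelled.

```python
import ipaddress

# Constructed sample: the ip-access lines used in this article.
CONFIG = """\
sysman ip-access telnet 192.168.0.100 192.168.0.254
sysman ip-access telnet 172.16.24.1 172.16.24.50
sysman ip-access ssh 192.168.0.100 192.168.0.254
sysman ip-access snmp 192.168.0.100 192.168.0.100
"""

def parse_ip_access(text):
    """Return {protocol: [(first, last), ...]} from 'sysman ip-access' lines."""
    ranges = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if parts[:2] != ["sysman", "ip-access"]:
            continue  # ip-refuse and firewall lines are not modelled here
        if len(parts) != 5:
            raise ValueError(f"line {lineno}: expected protocol and two addresses")
        proto = parts[2]
        first = ipaddress.IPv4Address(parts[3])  # raises ValueError if malformed
        last = ipaddress.IPv4Address(parts[4])
        if first > last:
            raise ValueError(f"line {lineno}: start address is above end address")
        ranges.setdefault(proto, []).append((first, last))
    return ranges

def is_admitted(ranges, proto, source_ip):
    """True if source_ip lies inside an ip-access range for proto."""
    addr = ipaddress.IPv4Address(source_ip)
    return any(first <= addr <= last for first, last in ranges.get(proto, []))

def lockout_report(text, stations):
    """Map each (protocol, station) pair to whether it would be admitted."""
    ranges = parse_ip_access(text)
    return {(p, s): is_admitted(ranges, p, s)
            for p in sorted(ranges) for s in stations}

if __name__ == "__main__":
    # Hypothetical management stations to check before enabling the firewall.
    stations = ["192.168.0.150", "172.16.24.10"]
    for (proto, station), ok in lockout_report(CONFIG, stations).items():
        print(f"{proto:6} {station:15} {'allowed' if ok else 'BLOCKED'}")
```

With the article's lines, 172.16.24.10 is admitted for telnet but not for SSH or SNMP, because the second range was only added for telnet.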

I tested these settings on a Huawei SmartAX MA5683T; they are essentially the same for the entire MA5600 series.
