Prerequisites, Configuration example, Network requirements – H3C Technologies H3C S3100 Series Switches User Manual


Controlling Network Management Users by Source IP Addresses

You can manage an S3100 Ethernet switch through network management software. Network management users can access switches through SNMP.

You need to perform the following two operations to control network management users by source IP addresses:

- Defining an ACL
- Applying the ACL to control users accessing the switch through SNMP

Prerequisites

The control policy for network management users has been determined, including the source IP addresses to be controlled and the control actions (permitting or denying).

Controlling Network Management Users by Source IP Addresses

Controlling network management users by source IP addresses is achieved by applying basic ACLs, which are numbered from 2000 to 2999.

Follow these steps to control network management users by source IP addresses:

To do: Enter system view
Use the command: system-view

To do: Create a basic ACL or enter basic ACL view
Use the command: acl number acl-number [ match-order { auto | config } ]
Remarks: For the acl number command, the config keyword is specified by default.

To do: Define rules for the ACL
Use the command: rule [ rule-id ] { deny | permit } [ rule-string ]
Remarks: Required

To do: Quit to system view
Use the command: quit

To do: Apply the ACL while configuring the SNMP community name
Use the command: snmp-agent community { read | write } community-name [ acl acl-number | mib-view view-name ]*

To do: Apply the ACL while configuring the SNMP group name
Use the command: snmp-agent group { v1 | v2c } group-name [ read-view read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl acl-number ]
Use the command: snmp-agent group v3 group-name [ authentication | privacy ] [ read-view read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl acl-number ]

To do: Apply the ACL while configuring the SNMP user name
Use the command: snmp-agent usm-user { v1 | v2c } user-name group-name [ acl acl-number ]
Use the command: snmp-agent usm-user v3 user-name group-name [ [ cipher ] authentication-mode { md5 | sha } auth-password [ privacy-mode { des56 | aes128 } priv-password ] ] [ acl acl-number ]

Remarks (for the three SNMP rows above): Required. Depending on the SNMP version and the configuration habits of NMS users, you can reference an ACL when configuring the community name, group name or user name. For the detailed configuration, refer to SNMP-RMON.

Configuration Example

Network requirements

Only SNMP users sourced from the IP address 10.110.100.52 are permitted to log in to the switch.
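A check for the procedure and requirement above, added here as an example and not taken from the H3C manual: it scans configuration text for snmp-agent community, group and usm-user lines and reports any that does not reference a basic ACL (2000 to 2999) that is defined with at least one rule. The sample configuration, the community, group and user names, and the function name audit_snmp_acls are constructed for illustration; the text is assumed to follow the command forms listed in the procedure.

```python
import re

# Constructed sample configuration (names and layout are assumptions),
# written in the command forms listed in the procedure above.
SAMPLE_CONFIG = """\
acl number 2000
 rule 1 permit source 10.110.100.52 0
snmp-agent community read monitor acl 2000
snmp-agent community write ops
snmp-agent group v3 nmsgroup privacy acl 2001
snmp-agent usm-user v2c legacy nmsgroup acl 3000
"""

ACL_DEF = re.compile(r"^acl number (\d+)")
ACL_REF = re.compile(r"\sacl (\d+)(?:\s|$)")
SNMP_CMD = re.compile(r"^snmp-agent (community|group|usm-user)\s")


def audit_snmp_acls(config_text):
    """Return (line, problem) pairs for SNMP lines lacking a usable basic ACL."""
    lines = [line.rstrip() for line in config_text.splitlines()]
    # Pass 1: record ACL numbers that are defined and contain at least one rule.
    acls_with_rules, current = set(), None
    for line in lines:
        match = ACL_DEF.match(line)
        if match:
            current = int(match.group(1))
        elif current is not None and line.strip().startswith("rule "):
            acls_with_rules.add(current)
        elif not line.startswith(" "):
            current = None  # left the ACL view
    # Pass 2: check the ACL reference on every SNMP access-control line.
    findings = []
    for line in lines:
        if not SNMP_CMD.match(line):
            continue
        ref = ACL_REF.search(line)
        if ref is None:
            findings.append((line, "no ACL applied"))
        elif not 2000 <= int(ref.group(1)) <= 2999:
            findings.append((line, "ACL is not a basic ACL (2000-2999)"))
        elif int(ref.group(1)) not in acls_with_rules:
            findings.append((line, "ACL is not defined with rules"))
    return findings


if __name__ == "__main__":
    for line, problem in audit_snmp_acls(SAMPLE_CONFIG):
        print(f"{problem}: {line}")
```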
