Configuration procedure, Configuring web login control, Configuring source ip-based web login control – H3C Technologies H3C SecBlade LB Cards User Manual

90

Figure 53 Network diagram

Configuration procedure

# Create ACL 2000, and configure rule 1 to permit packets sourced from Host B, and rule 2 to permit

packets sourced from Host A.

<LB> system-view

[LB] acl number 2000 match-order config

[LB-acl-basic-2000] rule 1 permit source 10.110.100.52 0

[LB-acl-basic-2000] rule 2 permit source 10.110.100.46 0

[LB-acl-basic-2000] quit

# Associate the ACL with the SNMP community and the SNMP group.

[LB] snmp-agent community read aaa acl 2000

[LB] snmp-agent group v2c groupa acl 2000

[LB] snmp-agent usm-user v2c usera groupa acl 2000

Configuring Web login control

Use a basic ACL (2000 to 2999) to filter HTTP/HTTPS traffic by source IP address for Web login control.

To access the LB product, a Web user must use an IP address permitted by the ACL.
You can also log off suspicious Web users that have been logged in.

Configuring source IP-based Web login control

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Create a basic ACL and enter
its view, or enter the view of

an existing basic ACL.

acl [ ipv6 ] number acl-number
[ name name ] [ match-order

{ config | auto } ]

By default, no basic ACL exists.

3.

Create rules for this ACL.

rule [ rule-id ] { deny | permit }
[ counting | fragment | logging |

source { sour-addr sour-wildcard |
any } | time-range

time-range-name | vpn-instance

vpn-instance-name ] *

N/A

Host B

10.110.100.52

LB

IP network

Host A

10.110.100.46