Configuration example, Network requirements, Network diagram – H3C Technologies H3C WX6000 Series Access Controllers User Manual

6-5

As SNMP community name is a feature of SNMPv1 and SNMPv2c, the specified ACLs in the command
that configures SNMP community names (the snmp-agent community command) take effect in the
network management systems that adopt SNMPv1 or SNMPv2c.

Similarly, as SNMP group name and SNMP user name are features of SNMPv2c and the higher SNMP
versions, the specified ACLs in the commands that configure SNMP group names (the snmp-agent

group

command and the snmp-agent group v3 command) and SNMP user names (the snmp-agent

usm-user

command and the snmp-agent usm-user v3 command) take effect in the network

management systems that adopt SNMPv2c or higher SNMP versions. If you configure both the SNMP
group name and the SNMP user name and specify ACLs in the two operations, the access controller
will filter network management users by both SNMP group name and SNMP user name.

Configuration Example

Network requirements

Only SNMP users sourced from the IP addresses of 10.110.100.52 is permitted to access the access
controller.

Network diagram

Figure 6-2

Network diagram for controlling SNMP users using ACLs

Configuration procedure

# Define a basic ACL.

<H3C> system-view

[H3C] acl number 2000 match-order config

[H3C-acl-basic-2000] rule 1 permit source 10.110.100.52 0

[H3C-acl-basic-2000] quit

# Apply the ACL to only permit SNMP users sourced from the IP addresses of 10.110.100.52 to access
the access controller.

[H3C] snmp-agent community read h3c acl 2000

[H3C] snmp-agent group v2c h3cgroup acl 2000

[H3C] snmp-agent usm-user v2c h3cuser h3cgroup acl 2000