To do: Apply the ACL while configuring the SNMP group name
Use the command:
  snmp-agent group { v1 | v2c } group-name [ read-view read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl acl-number ]
  snmp-agent group v3 group-name [ authentication | privacy ] [ read-view read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl acl-number ]

To do: Apply the ACL while configuring the SNMP user name
Use the command:
  snmp-agent usm-user { v1 | v2c } user-name group-name [ acl acl-number ]
  snmp-agent usm-user v3 user-name group-name [ [ cipher ] authentication-mode { md5 | sha } auth-password [ privacy-mode { 3des | aes128 | des56 } priv-password ] ] [ acl acl-number ]

Remarks: and configuration customs of NMS users, you can reference an ACL when configuring community name, group name or username. For the detailed configuration, refer to SNMP Configuration in the System Volume.
 
Configuration Example 
Network requirements 
Only SNMP users sourced from the IP addresses of 10.110.100.52 and 10.110.100.46 are permitted to 
access the switch. 
Figure 8-2 Network diagram for controlling SNMP users using ACLs
[Diagram labels: Switch; IP network; Host A, 10.110.100.46; Host B, 10.110.100.52]

Configuration procedure 
# Define a basic ACL. 
<Sysname> system-view 
[Sysname] acl number 2000 match-order config 
[Sysname-acl-basic-2000] rule 1 permit source 10.110.100.52 0 
[Sysname-acl-basic-2000] rule 2 permit source 10.110.100.46 0 
[Sysname-acl-basic-2000] rule 3 deny source any 
[Sysname-acl-basic-2000] quit 
# Apply the ACL to only permit SNMP users sourced from the IP addresses of 10.110.100.52 and 
10.110.100.46 to access the switch. 
[Sysname] snmp-agent community read 3com acl 2000 
[Sysname] snmp-agent group v2c 3comgroup acl 2000 
[Sysname] snmp-agent usm-user v2c 3comuser 3comgroup acl 2000
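
To check a saved configuration against the procedure above, the following added example (not part of the original manual) flags snmp-agent community, group and usm-user lines that are not bound to a restrictive basic ACL. The function names and the sample configuration are assumptions constructed for illustration; it assumes basic ACL rules written in the form shown in the procedure.

```python
import re

# Constructed sample: the page's configuration plus three weak lines for contrast.
SAMPLE = """\
acl number 2000 match-order config
 rule 1 permit source 10.110.100.52 0
 rule 2 permit source 10.110.100.46 0
 rule 3 deny source any
acl number 2001
 rule 1 permit source any
snmp-agent community read 3com acl 2000
snmp-agent group v2c 3comgroup acl 2000
snmp-agent usm-user v2c 3comuser 3comgroup acl 2000
snmp-agent community write private
snmp-agent group v2c opsgroup acl 2001
snmp-agent usm-user v2c opsuser opsgroup acl 2999
"""
PROMPT = re.compile(r"^\s*(?:<[^>]+>|\[[^\]]+\])\s*")  # <Sysname> / [Sysname-...] prefixes
SNMP = re.compile(r"^snmp-agent\s+(community|group|usm-user)\b")

def clean(text):
    return [PROMPT.sub("", raw).strip() for raw in text.splitlines()]

def parse_acls(text):
    """Return {acl_number: [(action, source), ...]} for basic ACL rules."""
    acls, current = {}, None
    for line in clean(text):
        m = re.match(r"acl number (\d+)", line)
        if m:
            current = acls.setdefault(int(m.group(1)), [])
            continue
        m = re.match(r"rule(?: \d+)? (permit|deny)(?: source (\S+).*)?$", line)
        if m and current is not None:
            current.append((m.group(1), m.group(2) or "any"))
        elif line in ("quit", "#"):
            current = None  # left the ACL view
    return acls

def audit_snmp(text):
    """Return [(config_line, finding)] for SNMP lines that are not source-restricted."""
    acls, findings = parse_acls(text), []
    for line in filter(SNMP.match, clean(text)):
        m = re.search(r"\bacl (\d+)\s*$", line)
        if not m:
            findings.append((line, "no ACL applied"))
        elif int(m.group(1)) not in acls:
            findings.append((line, "ACL not defined in this configuration"))
        elif ("permit", "any") in acls[int(m.group(1))]:
            findings.append((line, "ACL permits any source"))
    return findings
```

Calling audit_snmp(SAMPLE) reports the three constructed weak lines and none of the lines taken from the procedure above.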