Controlling Web Users by Source IP Address 79
As SNMP community name is a feature of SNMPv1 and SNMPv2c, the specified
ACLs in the command that configures SNMP community names (the snmp-agent
community command) take effect in the network management systems that
adopt SNMPv1 or SNMPv2c.
Similarly, as SNMP group name and SNMP user name are features of SNMPv2c and
the higher SNMP versions, the specified ACLs in the commands that configure
SNMP group names (the snmp-agent group command and the snmp-agent
group v3 command) and SNMP user names (the snmp-agent usm-user
command and the snmp-agent usm-user v3 command) take effect in the
network management systems that adopt SNMPv2c or higher SNMP versions. If
you configure both the SNMP group name and the SNMP user name and specify
ACLs in the two operations, the switch will filter network management users by
both SNMP group name and SNMP user name.
Configuration Example Network requirements
Only SNMP users sourced from the IP addresses of 10.110.100.52 and
10.110.100.46 are permitted to access the switch.
Network diagram
Figure 23 Network diagram for controlling SNMP users using ACLs
Configuration procedure
# Define a basic ACL.
<SW4800G> system-view
[SW4800G] acl number 2000 match-order config
[SW4800G-acl-basic-2000] rule 1 permit source 10.110.100.52 0
[SW4800G-acl-basic-2000] rule 2 permit source 10.110.100.46 0
[SW4800G-acl-basic-2000] rule 3 deny source any
[SW4800G-acl-basic-2000] quit
# Apply the ACL to only permit SNMP users sourced from the IP addresses of
10.110.100.52 and 10.110.100.46 to access the switch.
[SW4800G] snmp-agent community read h3c acl 2000
[SW4800G] snmp-agent group v2c h3cgroup acl 2000
[SW4800G] snmp-agent usm-user v2c h3cuser h3cgroup acl 2000
Controlling Web Users
by Source IP Address
You can manage a Switch 4800G remotely through Web. Web users can access a
switch through HTTP connections.
Switch
10.110.100.46
Host A
IP network
Host B
10.110.100.52
To Next Page
Loading...
