7-4
Controlling Network Management Users by Source IP Addresses
You can manage an S3100 Ethernet switch through network management software. Network
management users can access switches through SNMP.
You need to perform the following two operations to control network management users by source IP
addresses.
z Defining an ACL
z Applying the ACL to control users accessing the switch through SNMP
Prerequisites
The controlling policy against network management users is determined, including the source IP
addresses to be controlled and the controlling actions (permitting or denying).
Controlling Network Management Users by Source IP Addresses
Controlling network management users by source IP addresses is achieved by applying basic ACLs,
which are numbered from 2000 to 2999.
Follow these steps to control network management users by source IP addresses:
To do… Use the command… Remarks
Enter system view
system-view
—
Create a basic ACL or
enter basic ACL view
acl number
acl-number [
match-order
{
auto
|
config
} ]
As for the
acl number
command, the
config
keyword is specified by
default.
Define rules for the ACL
rule
[ rule-id ] {
deny |
permit
} [ rule-string ] Required
Quit to system view
quit
—
Apply the ACL while
configuring the SNMP
community name
snmp-agent community
{
read
|
write
}
community-name [
acl
acl-number |
mib-view
view-name ]*
Apply the ACL while
configuring the SNMP
group name
snmp-agent group
{
v1
|
v2c
} group-name
[
read-view
read-view ] [
write-view
write-view ]
[
notify-view
notify-view ] [
acl
acl-number ]
snmp-agent group
v3
group-name
[
authentication
|
privacy
] [
read-view
read-view ] [
write-view
write-view ] [
notify-view
notify-view ] [
acl
acl-number ]
Apply the ACL while
configuring the SNMP user
name
snmp-agent usm-user
{
v1
|
v2c
} user-name
group-name [
acl
acl-number ]
snmp
-
agent usm
-
user
v3
user-name
group-name [ [
cipher
]
authentication
-
mode
{
md5
|
sha
} auth-password [
privacy
-
mode
{
des56
|
aes128
}
priv-password ] ] [
acl
acl-number ]
Required
According to the SNMP
version and configuration
customs of NMS users, you
can reference an ACL when
configuring community
name, group name or
username. For the detailed
configuration, refer to
SNMP-RMON for more.
Configuration Example
Network requirements
Only SNMP users sourced from the IP addresses of 10.110.100.52 are permitted to log into the switch.
To Next Page
Loading...
Need help?
General