Operation Manual – Login
H3C S3600 Series Ethernet Switches-Release 1510 Chapter 8
User Control
8-5
<H3C> system-view
[H3C] acl number 2000 match-order config
[H3C-acl-basic-2000] rule 1 permit source 10.110.100.52 0
[H3C-acl-basic-2000] rule 2 permit source 10.110.100.46 0
[H3C-acl-basic-2000] rule 3 deny source any
[H3C-acl-basic-2000] quit
# Apply the ACL.
[H3C] user-interface vty 0 4
[H3C-ui-vty0-4] acl 2000 inbound
8.3 Controlling Network Management Users by Source IP
Addresses
You can manage an S3600 Ethernet switch through network management software.
Network management users can access switches through SNMP.
You need to perform the following two operations to control network management users
by source IP addresses.
z Defining an ACL
z Applying the ACL to control users accessing the switch through SNMP
8.3.1 Prerequisites
The controlling policy against network management users is determined, including the
source IP addresses to be controlled and the controlling actions (permitting or denying).
8.3.2 Controlling Network Management Users by Source IP Addresses
Controlling network management users by source IP addresses is achieved by
applying basic ACLs, which are numbered from 2000 to 2999.
Table 8-5 Control network management users by source IP addresses
Operation Command Description
Enter system view
system-view
—
Create a basic ACL
or enter basic ACL
view
acl number acl-number
[ match-order { config |
auto } ]
As for the acl number
command, the config
keyword is specified by
default.
Define rules for the
ACL
rule [ rule-id ] { permit |
deny } [ fragment | source
{ sour-addr sour-wildcard |
any } | time-range
time-name ]*
Required
Quit to system view
quit
—
To Next Page
Loading...
Need help?
General