Operation Manual – Login
H3C S3600 Series Ethernet Switches-Release 1510 Chapter 8
User Control
8-7
8.3.3 Configuration Example
I. Network requirements
Only SNMP users sourced from the IP addresses of 10.110.100.52 and 10.110.100.46
are permitted to access the switch.
II. Network diagram
Internet
Sw itc h
Internet
Sw itc h
s
Figure 8-2 Network diagram for controlling SNMP users using ACL
III. Configuration procedure
# Define a basic ACL.
<H3C> system-view
[H3C] acl number 2000 match-order config
[H3C-acl-basic-2000] rule 1 permit source 10.110.100.52 0
[H3C-acl-basic-2000] rule 2 permit source 10.110.100.46 0
[H3C-acl-basic-2000] rule 3 deny source any
[H3C-acl-basic-2000] quit
# Apply the ACL to only permit SNMP users sourced from the IP addresses of
10.110.100.52 and 10.110.100.46 to access the switch.
[H3C] snmp-agent community read aaa acl 2000
[H3C] snmp-agent group v2c groupa acl 2000
[H3C] snmp-agent usm-user v2c usera groupa acl 2000
8.4 Controlling Web Users by Source IP Address
You can manage an S3600 Ethernet switch remotely through Web. Web users can
access a switch through HTTP connections.
You need to perform the following two operations to control Web users by source IP
addresses.
z Defining an ACL
z Applying the ACL to control Web users
To Next Page
Loading...
Need help?
General