39
Figure 16 Network diagram
Configuration procedure
# Create an ACL to permit packets sourced from Host A and Host B.
<Sysname> system-view
[Sysname] acl number 2000 match-order config
[Sysname-acl-basic-2000] rule 1 permit source 10.110.100.52 0
[Sysname-acl-basic-2000] rule 2 permit source 10.110.100.46 0
[Sysname-acl-basic-2000] quit
# Associate the ACL with the SNMP community and the SNMP group.
[Sysname] snmp-agent community read aaa acl 2000
[Sysname] snmp-agent group v2c groupa acl 2000
[Sysname] snmp-agent usm-user v2c usera groupa acl 2000
Configuring command authorization
By default, commands are available for a user depending only on that user's user roles. When the
authentication mode is scheme, you can configure the command authorization feature to further
control access to commands.
After you enable command authorization, a user can use only commands that are permitted by both
the AAA scheme and user role.
This section provides the procedure for configuring command authorization. To make the command
authorization feature take effect, you must configure a command authorization method in ISP
domain view. For more information, see Security Configuration Guide.
Configuration procedure
To configure command authorization:
1. Enter system view.
system-view
N/A
2. Enter user line view or
user line class view.
• Enter user line view:
line { first-number1
[ last-number1 ] | { aux | vty }
first-number2
[ last-number2 ] }
• Enter user line class view:
A setting in user line view is applied only
to the user line. A setting in user line class
view is applied to all user lines of the
class.
A non-default setting in either view takes
precedence over a default setting in the
Host B
10.110.100.52
Device
IP network
Host A
10.110.100.46
To Next Page
Loading...
Need help?
General