216
ipv6-acl-number: Specifies a basic IPv6 ACL by its number in the range of 2000 to 2999.
name ipv6-acl-name: Specifies a basic IPv6 ACL for the user. The ipv6-acl-name argument
represents a basic IPv6 ACL name, a case-insensitive string of 1 to 63 characters.
Usage guidelines
This command is not available in FIPS mode.
On an SNMPv1 or SNMPv2c network, NMSs and agents authenticate each other by using the
community name. On an SNMPv3 network, NMSs and agents authenticate each other by using the
username.
You can create an SNMPv1 or SNMPv2c community by using either of the following ways:
• Execute the snmp-agent community command.
• Execute the snmp-agent usm-user { v1 | v2c } and snmp-agent group { v1 | v2c } commands
to create an SNMPv1 or SNMPv2c user and the group that the user is assigned to. The system
automatically creates an SNMP community by using the SNMPv1 or SNMPv2c username.
You can specify an ACL for the user and group, respectively, to filter illegitimate NMSs from
accessing the agent. Only the NMSs permitted by the ACLs for both the user and group can access
the SNMP agent. The following rules apply to the ACLs for the user and group:
• If you do not specify an ACL, the specified ACL does not exist, or the specified ACL does not
have any rules, all NMSs that use the username can access the SNMP agent.
• If you have specified an ACL and the ACL has rules, only the NMSs permitted by the ACL can
access the agent.
For more information about ACL, see ACL and QoS Configuration Guide.
Examples
# Add the user userv2c to the SNMPv2c group readCom so an NMS can use the protocol SNMPv2c
and the read-only community name userv2c to access the device.
<Sysname> system-view
[Sysname] snmp-agent sys-info version v2c
[Sysname] snmp-agent group v2c readCom
[Sysname] snmp-agent usm-user v2c userv2c readCom
# Add the user userv2c in the SNMPv2c group readCom so only the NMS at 1.1.1.1 can use the
protocol SNMPv2c and read-only community name userv2c to access the device.
<Sysname> system-view
[Sysname] acl basic 2001
[Sysname-acl-ipv4-basic-2001] rule permit source 1.1.1.1 0.0.0.0
[Sysname-acl-ipv4-basic-2001] rule deny source any
[Sysname-acl-ipv4-basic-2001] quit
[Sysname] snmp-agent sys-info version v2c
[Sysname] snmp-agent group v2c readCom
[Sysname] snmp-agent usm-user v2c userv2c readCom acl 2001
# Add the user userv2c in the SNMPv2c group readCom so only the NMS at 1.1.1.2 can use the
protocol SNMPv2c and read-only community name userv2c to access the device.
To Next Page
Loading...
Need help?
General
