Operation Manual – Login
Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 8 User Control
Huawei Technologies Proprietary
8-7
II. Network diagram
Internet
Sw itc h
Internet
Sw itc h
Figure 8-2 Network diagram for controlling SNMP users using ACLs
III. Configuration procedure
# Define a basic ACL.
<Quidway> system-view
[Quidway] acl number 2000 match-order config
[Quidway-acl-basic-2000] rule 1 permit source 10.110.100.52 0
[Quidway-acl-basic-2000] rule 2 permit source 10.110.100.46 0
[Quidway-acl-basic-2000] rule 3 deny source any
[Quidway-acl-basic-2000] quit
# Apply the ACL to only permit SNMP users sourced from the IP addresses of
10.110.100.52 and 10.110.100.46 to access the switch.
[Quidway] snmp-agent community read aaa acl 2000
[Quidway] snmp-agent group v2c groupa acl 2000
[Quidway] snmp-agent usm-user v2c usera groupa acl 2000
8.4 Controlling Web Users by Source IP Address
You can manage a Quidway series Ethernet switch remotely through Web. Web users
can access a switch through HTTP connections.
You need to perform the following two operations to control Web users by source IP
addresses.
z Defining an ACL
z Applying the ACL to control Web users
8.4.1 Prerequisites
The controlling policy against Web users is determined, including the source IP
addresses to be controlled and the controlling actions (permitting or denying).