Network diagram
Figure 8-2 Network diagram for controlling SNMP users using ACLs
10.110.100.46
Host A
IP network
Host B
10.110.100.52
Configuration procedure
# Define a basic ACL.
<Sysname> system-view
[Sysname] acl number 2000 match-order config
[Sysname-acl-basic-2000] rule 1 permit source 10.110.100.52 0
[Sysname-acl-basic-2000] rule 2 permit source 10.110.100.46 0
[Sysname-acl-basic-2000] rule 3 deny source any
[Sysname-acl-basic-2000] quit
# Apply the ACL to only permit SNMP users sourced from the IP addresses of 10.110.100.52 and
10.110.100.46 to access the switch.
[Sysname] snmp-agent community read 3com acl 2000
[Sysname] snmp-agent group v2c 3comgroup acl 2000
[Sysname] snmp-agent usm-user v2c 3comuser 3comgroup acl 2000
Switch
8-6