Configuration Example; Controlling Web Users By Source Ip Address - Huawei Quidway S3100 Series Operation Manual

Operation Manual – Login
Quidway S3100 Series Ethernet Switches

7.3.3 Configuration Example

I. Network requirements
Only SNMP users sourced from the IP addresses of 10.110.100.52 and 10.110.100.46
are permitted to access the switch.
II. Network diagram
Internet Internet
Sw itch Sw itch
Figure 7-2 Network diagram for controlling SNMP users using ACL
III. Configuration procedure
# Define a basic ACL.
<Quidway> system-view
[Quidway] acl number 2000 match-order config
[Quidway-acl-basic-2000] rule 1 permit source 10.110.100.52 0
[Quidway-acl-basic-2000] rule 2 permit source 10.110.100.46 0
[Quidway-acl-basic-2000] rule 3 deny source any
[Quidway-acl-basic-2000] quit
# Apply the ACL to only permit SNMP users sourced from the IP addresses of
10.110.100.52 and 10.110.100.46 to access the switch.
[Quidway] snmp-agent community read huawei acl 2000
[Quidway] snmp-agent group v2c huaweigroup acl 2000
[Quidway] snmp-agent usm-user v2c huaweiuser huaweigroup acl 2000

7.4 Controlling Web Users by Source IP Address

You can manage a Quidway series Ethernet switch remotely through Web. Web users
can access a switch through HTTP connections.
You need to perform the following two operations to control Web users by source IP
addresses.
Defining an ACL
Applying the ACL to control Web users
Huawei Technologies Proprietary
7-6
Chapter 7 Controlling Login Users
s