H3C S5500-SI Series Operation Manual page 960

To do...
Apply the ACL while
configuring the SNMP user
name
Configuration Example
Network requirements
Only SNMP users sourced from the IP addresses of 10.110.100.52 and 10.110.100.46 are permitted to
access the switch.
Figure 7-2 Network diagram for controlling SNMP users using ACLs
10.110.100.46
Host A
IP network
Host B
10.110.100.52
Configuration procedure
# Define a basic ACL.
<Sysname> system-view
[Sysname] acl number 2000 match-order config
[Sysname-acl-basic-2000] rule 1 permit source 10.110.100.52 0
[Sysname-acl-basic-2000] rule 2 permit source 10.110.100.46 0
[Sysname-acl-basic-2000] rule 3 deny source any
[Sysname-acl-basic-2000] quit
# Apply the ACL to only permit SNMP users sourced from the IP addresses of 10.110.100.52 and
10.110.100.46 to access the switch.
[Sysname] snmp-agent community read h3c acl 2000
[Sysname] snmp-agent group v2c h3cgroup acl 2000
[Sysname] snmp-agent usm-user v2c h3cuser h3cgroup acl 2000
Use the command...
snmp-agent usm-user { v1 | v2c } user-name
group-name [ acl acl-number ]
snmp-agent usm-user v3 user-name group-name
[ [ cipher ] authentication-mode { md5 | sha }
auth-password [ privacy-mode { 3des | aes128 |
des56 } priv-password ] ] [ acl acl-number ]
Switch
7-5
Remarks
name, group
name or
username. For
the detailed
configuration,
refer to SNMP
Configuration in
the System
Volume.