Controlling Web Users By Source Ip Address - Huawei Quidway S5600 Series Operation Manual

Operation Manual – Login
Quidway S5600 Series Ethernet Switches-Release 1510
group names (the snmp-agent group command and the snmp-agent group v3
command) and SNMP user names (the snmp-agent usm-user command and the
snmp-agent usm-user v3 command) take effect in the network management systems
that adopt SNMP v2c or higher SNMP versions. If you configure both the SNMP group
name and the SNMP user name and specify ACLs in the two operations, the switch will
filter network management users by both SNMP group name and SNMP user name.
8.3.3 Configuration Example
I. Network requirements
Only SNMP users sourced from the IP addresses of 10.110.100.52 and 10.110.100.46
are permitted to access the switch.
II. Network diagram
Internet Internet
Sw itch Sw itch
Figure 8-2 Network diagram for controlling SNMP users using ACLs
III. Configuration procedure
# Define a basic ACL.
<Quidway> system-view
[Quidway] acl number 2000 match-order config
[Quidway-acl-basic-2000] rule 1 permit source 10.110.100.52 0
[Quidway-acl-basic-2000] rule 2 permit source 10.110.100.46 0
[Quidway-acl-basic-2000] rule 3 deny source any
[Quidway-acl-basic-2000] quit
# Apply the ACL to only permit SNMP users sourced from the IP addresses of
10.110.100.52 and 10.110.100.46 to access the switch.
[Quidway] snmp-agent community read aaa acl 2000
[Quidway] snmp-agent group v2c groupa acl 2000
[Quidway] snmp-agent usm-user v2c usera groupa acl 2000

8.4 Controlling Web Users by Source IP Address

You can manage a Quidway series Ethernet switch remotely through Web. Web users
can access a switch through HTTP connections.
Huawei Technologies Proprietary
8-7
Chapter 8 User Control