Configuring source IP-based login control over
NMS users
You can log in to the NMS to remotely manage the devices. SNMP is used for communication between
the NMS and the agent that resides in the device. By using the ACL, you can control SNMP user access
to the device.
Configuration preparation
Before configuration, determine the permitted or denied source IP addresses.
Configuring source IP-based login control over NMS users
Basic ACLs match the source IP addresses of packets, so you can use basic ACLs to implement source
IP-based login control over NMS users. Basic ACLs are numbered from 2000 to 2999. For more
information about ACL, see ACL and QoS Configuration Guide.
Follow these steps to configure source IP-based login control over NMS users:
To do...
Enter system view
Create a basic ACL and enter its
view, or enter the view of an
existing basic ACL
Create rules for this ACL
Exit the basic ACL view
Associate this SNMP community
with the ACL
Associate the SNMP group with
the ACL
Use the command...
system-view
acl [ ipv6 ] number acl-number
[ match-order { config | auto } ]
rule [ rule-id ] { permit | deny }
[ source { sour-addr sour-wildcard |
any } | time-range time-name |
fragment | logging ]*
quit
snmp-agent community { read |
write } community-name [ acl
acl-number | mib-view
view-name ]*
snmp-agent group { v1 | v2c }
group-name [ read-view
read-view ] [ write-view
write-view ] [ notify-view
notify-view ] [ acl acl-number ]
snmp-agent group v3 group-name
[ authentication | privacy ]
[ read-view read-view ]
[ write-view write-view ]
[ notify-view notify-view ] [ acl
acl-number ]
71
Remarks
—
Required
By default, no basic ACL exists.
Required
—
Required
You can associate the ACL when
creating the community, the SNMP
group, and the user.
For more information about
SNMP, see Network Management
and Monitoring Configuration
Guide.