Controlling Network Management Users By Source Ip Addresses - H3C S5100-SI Series Operation Manual

Operation Manual – Login
H3C S5100-SI/EI Series Ethernet Switches
III. Configuration procedure
# Define a basic ACL.
<Sysname> system-view
[Sysname] acl number 2000
[Sysname-acl-basic-2000] rule 1 permit source 10.110.100.52 0
[Sysname-acl-basic-2000] quit
# Apply the ACL.
[Sysname] user-interface vty 0 4
[Sysname-ui-vty0-4] acl 2000 inbound
9.3 Controlling Network Management Users by Source IP
Addresses
You can manage an S5100-SI/EI Ethernet switch through network management
software. Network management users can access switches through SNMP.
You need to perform the following two operations to control network management users
by source IP addresses.
Defining an ACL
Applying the ACL to control users accessing the switch through SNMP
To control whether an NMS can manage the switch, you can use this function.
9.3.1 Prerequisites
The controlling policy against network management users is determined, including the
source IP addresses to be controlled and the controlling actions (permitting or denying).

9.3.2 Controlling Network Management Users by Source IP Addresses

Controlling network management users by source IP addresses is achieved by
applying basic ACLs, which are numbered from 2000 to 2999.
Follow these steps to control network management users by source IP addresses:
To do...
Enter system view
Create a basic ACL
or enter basic ACL
view
Define rules for the
ACL
Quit to system view
Use the command...
system-view
acl number acl-number
[ match-order { auto | config } ]
rule [ rule-id ] { deny | permit }
[ rule-string ]
quit
9-4
Chapter 9 User Control
Remarks
—
As for the acl
number command,
the config keyword
is specified by
default.
Required
—