Controlling Web Users By Source Ip Address - H3C S5100-SI Series Operation Manual

Operation Manual – Login
H3C S5100-SI/EI Series Ethernet Switches
III. Configuration procedure
# Define a basic ACL.
<Sysname> system-view
[Sysname] acl number 2000
[Sysname-acl-basic-2000] rule 1 permit source 10.110.100.52 0
[Sysname-acl-basic-2000] quit
# Apply the ACL to only permit SNMP users sourced from the IP addresses of
10.110.100.52 to access the switch.
[Sysname] snmp-agent community read aaa acl 2000
[Sysname] snmp-agent group v2c groupa acl 2000
[Sysname] snmp-agent usm-user v2c usera groupa acl 2000

9.4 Controlling Web Users by Source IP Address

You can manage an S5100-SI/EI Ethernet switch remotely through Web. Web users
can access a switch through HTTP connections.
You need to perform the following two operations to control Web users by source IP
addresses.
Defining an ACL
Applying the ACL to control Web users
To control whether a Web user can manage the switch, you can use this function.
9.4.1 Prerequisites
The controlling policy against Web users is determined, including the source IP
addresses to be controlled and the controlling actions (permitting or denying).
9.4.2 Controlling Web Users by Source IP Addresses
Controlling Web users by source IP addresses is achieved by applying basic ACLs,
which are numbered from 2000 to 2999.
Follow these steps to control Web users by source IP addresses:
Enter system view
Create a basic ACL or
enter basic ACL view
Define rules for the
ACL
Quit to system view
To do...
system-view
acl number acl-number
[ match-order { config |
auto } ]
rule [ rule-id ] { deny |
permit } [ rule-string ]
quit
Use the command...
9-6
Chapter 9 User Control
Remarks
—
As for the acl number
command, the config
keyword is specified by
default.
Required
—