3Com 4200G 12-Port Configuration Manual page 52

38 C 7: C
HAPTER ONTROLLING
Configuration Example
L U
OGIN SERS
As SNMP community name is a feature of SNMP V1 and SNMP V2, the specified ACLs
in the command that configures SNMP community names (the snmp-agent
community command) take effect in the network management systems that adopt
SNMP V1 or SNMP V2.
Similarly, as SNMP group name and SNMP user name are features of SNMP V2 and
the higher SNMP versions, the specified ACLs in the commands that configure SNMP
group names (the snmp-agent group command and the snmp-agent group v3
command) and SNMP user names (the snmp-agent usm-user command and the
snmp-agent usm-user v3 command) take effect in the network management
systems that adopt SNMP V2 or higher SNMP versions. If you configure both the
SNMP group name and the SNMP user name and specify ACLs in the two operations,
the switch will filter network management users by both SNMP group name and
SNMP user name.
Network requirements
Only SNMP users sourced from the IP addresses of 10.110.100.52 and 10.110.100.46
are permitted to access the switch.
Network diagram
Figure 17 Network diagram for controlling SNMP users using ACLs
Configuration procedure
1 Define a basic ACL.
<S4200G> system-view
[4200G] acl number 2000 match-order config
[4200G-acl-basic-2000] rule 1 permit source 10.110.100.52 0
[4200G-acl-basic-2000] rule 2 permit source 10.110.100.46 0
[4200G-acl-basic-2000] rule 3 deny source any
[4200G-acl-basic-2000] quit
2 Apply the ACL to only permit SNMP users sourced from the IP addresses of
10.110.100.52 and 10.110.100.46 to access the switch.
[4200G] snmp-agent community read 3Com acl 2000
[4200G] snmp-agent group v2c 3Comgroup acl 2000
[4200G] snmp-agent usm-user v2c 3Comuser 3Comgroup acl 2000
Internet Internet
Sw itch Sw itch