Controlling Web Users By Source Ip Addresses; Prerequisites - H3C S5810 Series Operation Manual

Configuration procedure
# Define a basic ACL.
<Sysname> system-view
[Sysname] acl number 2000 match-order config
[Sysname-acl-basic-2000] rule 1 permit source 10.110.100.52 0
[Sysname-acl-basic-2000] rule 2 permit source 10.110.100.46 0
[Sysname-acl-basic-2000] rule 3 deny source any
[Sysname-acl-basic-2000] quit
# Apply the ACL to only permit SNMP users sourced from the IP addresses of 10.110.100.52 and
10.110.100.46 to access the switch.
[Sysname] snmp-agent community read h3c acl 2000
[Sysname] snmp-agent group v2c h3cgroup acl 2000
[Sysname] snmp-agent usm-user v2c h3cuser h3cgroup acl 2000

Controlling Web Users by Source IP Addresses

The S5820X&S5800 series Ethernet switches support Web-based remote management, which allows
Web users to access the switches using the HTTP protocol. By referencing access control lists (ACLs),
you can control the access of Web users to the switches.

Prerequisites

The control policies to be implemented on Web users are decided, including the source IP addresses to
be controlled and the control action, that is, whether to allow or deny the access.
Controlling Web Users by Source IP Addresses
This feature is achieved through the configuration of basic ACLs, the numbers of which are in the range
2000 to 2999. For the definition of ACLs, see ACL Configuration in the Security Volume.
Follow these steps to configure controlling Web users by source IP addresses:
To do...
Enter system view
Create a basic ACL or enter
basic ACL view
Define rules for the ACL
Quit to system view
Reference the ACL to control
Web users
Use the command...
system-view
acl [ ipv6 ] number acl-number
[ match-order { config | auto } ]
rule [ rule-id ] { permit | deny } [ source
{ sour-addr sour-wildcard | any } |
time-range time-name | fragment |
logging ]*
quit
ip http acl acl-number
8-6
Remarks
—
Required
The config keyword is
specified by default.
Required
—
Required