Controlling Network Management Users By Source Ip Addresses - H3C S7500 Series Operation Manual

Operation Manual – Login
H3C S7500 Series Ethernet Switches
Define rules for the ACL
Return to system view
Enter user interface view
Apply the ACL to control
Telnet users by specified
source and destination IP
addresses
6.3 Controlling Network Management Users by Source IP
Addresses
You can manage a H3C series Ethernet switch through network management software.
Network management users can access switches through SNMP.
You need to perform the following two operations to control network management users
by source IP addresses.
Defining an ACL
Applying the ACL to control users accessing the switch through SNMP
6.3.1 Prerequisites
The controlling policy against network management users is determined, including the
source IP addresses to be controlled and the controlling actions (permitting or denying).
To do...
rule [ rule-id ] { permit |
deny } protocol [ source
{ source-addr wildcard |
any } ] [ destination
{ dest-addr dest-mask |
any } ] [ source-port
operator port1 [ port2 ] ]
[ destination-port
operator port1 [ port2 ] ]
[ icmp-type type code ]
[ established ]
[ [ precedence
precedence | tos tos ]* |
dscp dscp ] [ fragment ]
[ time-range time-name ]
quit
user-interface [ type ]
first-number
[ last-number ]
acl acl-number { inbound
| outbound }
Use the command...
6-3
Chapter 6 User Control
Remarks
Required
You can define rules as
needed to filter by specific
source and destination IP
addresses.
—
—
Required
The inbound keyword
specifies to filter the users
trying to Telnet to the
current switch.
The outbound keyword
specifies to filter users
trying to Telnet to other
switches from the current
switch.