H3C S7500 Series Operation Manual page 88

Operation Manual – Login
H3C S7500 Series Ethernet Switches
6.3.2 Controlling Network Management Users by Source IP Addresses
Controlling network management users by source IP addresses is achieved by
applying basic ACLs, which are numbered from 2000 to 2999.
Follow these steps to control network management users by source IP addresses:
To do...
Enter system view
Create a basic ACL
or enter basic ACL
view
Define rules for the
ACL
Return to system
view
Apply the ACL while
configuring the
SNMP community
name
Apply the ACL while
configuring the
SNMP group name
Apply the ACL while
configuring the
SNMP user name
Use the command...
system-view
acl { number acl-number |
name acl-name [ advanced |
basic | link | user ] }
[ match-order { config |
auto } ]
rule [ rule-id ] { permit | deny }
[ source { source-addr wildcard
| any } | fragment | time-range
time-name ]*
quit
snmp-agent community
{ read | write }
community-name [ mib-view
view-name | acl acl-number ]*
snmp-agent group { v1 | v2c }
group-name [ read-view
read-view ] [ write-view
write-view ] [ notify-view
notify-view ] [ acl acl-number ]
snmp-agent group v3
group-name [ authentication |
privacy ] [ read-view
read-view ] [ write-view
write-view ] [ notify-view
notify-view ] [ acl acl-number ]
snmp-agent usm-user { v1 |
v2c } user-name group-name
[ acl acl-number ]
snmp-agent usm-user v3
user-name group-name
[ authentication-mode { md5 |
sha } auth-password
privacy-mode des56
priv-password ] [ acl
acl-number ]
6-4
Chapter 6 User Control
Remarks
—
As for the acl number
command, the config
keyword is specified by
default.
Required
—
Optional
By default, SNMPv1 and
SNMPv2c use community
name to access.
Optional
By default, the
authentication mode and
the encryption mode are
configured as none for the
snmp-agent group v3
group-name command.
Optional