H3C S7500 Series Operation Manual page 89

Operation Manual – Login
H3C S7500 Series Ethernet Switches
Note:
You can specify different ACLs while configuring the SNMP community name, the
SNMP group name, and the SNMP user name.
As SNMP community name is a feature of SNMPv1 and SNMPv2c, the specified ACLs
in the command that configures SNMP community names (the snmp-agent
community command) take effect in the network management systems that adopt
SNMPv1 or SNMPv2c.
Similarly, as SNMP group name and SNMP user name are features of SNMPv2c and
the higher SNMP versions, the specified ACLs in the commands that configure SNMP
group names and SNMP user names take effect in the network management systems
that adopt SNMPv2c or higher SNMP versions. If you specify ACLs in the two
commands, the network management users are filtered by both SNMP group name
and SNMP user name.
6.3.3 Configuration Example
I. Network requirements
Only SNMP users sourced from the IP addresses of 10.110.100.52 and 10.110.100.46
are permitted to access the switch.
II. Network diagram
Switch
Figure 6-1 Network diagram for controlling SNMP users using ACL
III. Configuration procedure
# Define a basic ACL.
<H3C> system-view
[H3C] acl number 2000 match-order config
[H3C-acl-basic-2000] rule 1 permit source 10.110.100.52 0
[H3C-acl-basic-2000] rule 2 permit source 10.110.100.46 0
[H3C-acl-basic-2000] rule 3 deny source any
[H3C-acl-basic-2000] quit
Internet
PC2
10.110.100.52
PC1
10.110.100.46
6-5
Chapter 6 User Control
s