R3166-R3206-HP High-End Firewalls System Management and Maintenance Command Reference-6PW101

acl acl-number: Associates a basic ACL with the user. acl-number is in the range 2000 to 2999. A basic
ACL restricts the source IP address of SNMP packets: it permits or denies SNMP packets from specific
source IP addresses, which allows or prevents the specified NMS from accessing the agent by using this
user name.
Description
Use the snmp-agent usm-user { v1 | v2c } command to add a user to an SNMP group.
Use the undo snmp-agent usm-user { v1 | v2c } command to delete a user from an SNMP group.
As defined in the SNMP protocol, in SNMPv1 and SNMPv2c networking applications the NMS and the
agent use a community name to authenticate each other; in SNMPv3 networking applications they use a
user name. If you prefer to authenticate by user name, the device supports the configuration of
SNMPv1 and SNMPv2c users. Creating an SNMPv1 or SNMPv2c user is equivalent to adding a new
read-only community name. After you enter the user name in the read-only community name field of
the NMS, the NMS can establish an SNMP connection with the device.
To make the configured user take effect, create an SNMP group first.
Related commands: snmp-agent group, snmp-agent community, and snmp-agent usm-user v3.
Examples
# Create a v2c user userv2c in group readCom.
<Sysname> system-view
[Sysname] snmp-agent sys-info version v2c
[Sysname] snmp-agent group v2c readCom
[Sysname] snmp-agent usm-user v2c userv2c readCom
Set the SNMP version on the NMS to SNMPv2c.
Fill in the read community name userv2c, and then the NMS can access the agent.
# Create a v2c user userv2c in group readCom, allowing only the NMS with the IP address of 1.1.1.1 to
access the agent by using this user name; other NMSs are not allowed to access the agent by using this
user name.
<Sysname> system-view
[Sysname] acl number 2001
[Sysname-acl-basic-2001] rule permit source 1.1.1.1 0.0.0.0
[Sysname-acl-basic-2001] rule deny source any
[Sysname-acl-basic-2001] quit
[Sysname] snmp-agent sys-info version v2c
[Sysname] snmp-agent group v2c readCom
[Sysname] snmp-agent usm-user v2c userv2c readCom acl 2001
Set the IP address of the NMS to 1.1.1.1.
Set the SNMP version on the NMS to SNMPv2c.
Fill in both the read community and write community options with userv2c, and then the NMS can
access the agent.
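The following audit script is an added example, not part of the HP manual: it reads configuration text in the command form shown above and reports, for each SNMPv1/v2c user, whether a basic ACL (2000 to 2999) is bound and whether that ACL admits a given NMS address. The function names are hypothetical, and it assumes rules apply in configured order with an unmatched source denied.

```python
import ipaddress
import re

# Constructed sample: commands from the examples above plus a hypothetical userv1.
SAMPLE_CONFIG = """\
acl number 2001
 rule permit source 1.1.1.1 0.0.0.0
 rule deny source any
snmp-agent usm-user v2c userv2c readCom acl 2001
snmp-agent usm-user v1 userv1 readCom
"""
RULE_RE = re.compile(r"rule (permit|deny) source (any|\S+ \S+)$")
USER_RE = re.compile(r"snmp-agent usm-user (?:v1|v2c) (\S+) \S+(?: acl (\d+))?$")


def parse(config):
    """Return ({acl_number: [(action, source)]}, {user_name: acl_number or None})."""
    acls, users, current = {}, {}, None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"acl number (\d+)$", line):
            current = acls.setdefault(int(m.group(1)), [])
        elif (m := RULE_RE.match(line)) and current is not None:
            current.append(m.groups())
        elif m := USER_RE.match(line):
            users[m.group(1)] = int(m.group(2)) if m.group(2) else None
    return acls, users


def acl_permits(rules, source):
    """Assumption: rules apply in configured order; an unmatched source is denied."""
    for action, spec in rules:
        spec = "0.0.0.0 255.255.255.255" if spec == "any" else spec
        src, addr, wild = (int(ipaddress.IPv4Address(p)) for p in [source, *spec.split()])
        if not (src ^ addr) & ~wild:  # wildcard bit 1 = ignore that address bit
            return action == "permit"
    return False


def audit(config, nms_ip):  # finding per SNMPv1/v2c user name for this NMS address
    acls, users = parse(config)
    report = {}
    for name, acl in users.items():
        if acl is None:
            report[name] = "no ACL bound"
        elif not 2000 <= acl <= 2999 or acl not in acls:
            report[name] = "ACL is not a defined basic ACL"
        else:
            report[name] = "permitted" if acl_permits(acls[acl], nms_ip) else "denied"
    return report
```

A user reported as "no ACL bound" can be used as a community name from any source address.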
snmp-agent usm-user v3
Syntax
snmp-agent usm-user v3 user-name group-name [ cipher ] [ authentication-mode { md5 | sha }
auth-password [ privacy-mode { 3des | aes128 | des56 } priv-password ] ] [ acl acl-number ]