R3721-F3210-F3171-HP High-End Firewalls Getting Started Guide-6PW101

Before configuration, determine the permitted or denied source IP addresses.
Configuring source IP-based SNMP login control
Basic ACLs match the source IP addresses of packets, so you can use basic ACLs to implement source
IP-based login control over NMS users. Basic ACLs are numbered from 2000 to 2999. For more
information about ACLs, see Access Control Configuration Guide.
To configure source IP-based SNMP login control:
1. Enter system view.
   Command: system-view
   Remarks: N/A

2. Create a basic ACL and enter its view, or enter the view of an existing basic ACL.
   Command: acl [ ipv6 ] number acl-number [ name acl-name ] [ match-order { config | auto } ]
   Remarks: By default, no basic ACL exists.

3. Create rules for this ACL.
   Command: rule [ rule-id ] { permit | deny } [ source { sour-addr sour-wildcard | any } | time-range time-name | fragment | logging ]*
   Remarks: N/A

4. Exit the basic ACL view.
   Command: quit
   Remarks: N/A

5. Associate this SNMP community with the ACL.
   Command: snmp-agent community { read | write } community-name [ acl acl-number | mib-view view-name ]*
   Remarks: You can associate the ACL when creating the community, the SNMP group, and the user. For more information about SNMP, see System Management and Maintenance Configuration Guide.

6. Associate the SNMP group with the ACL.
   Command: snmp-agent group { v1 | v2c } group-name [ read-view read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl acl-number ]
   Command: snmp-agent group v3 group-name [ authentication | privacy ] [ read-view read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl acl-number ]

7. Associate the user with the ACL.
   Command: snmp-agent usm-user { v1 | v2c } user-name group-name [ acl acl-number ]
   Command: snmp-agent usm-user v3 user-name group-name [ [ cipher ] authentication-mode { md5 | sha } auth-password [ privacy-mode { 3des | aes128 | des56 } priv-password ] ] [ acl acl-number ]
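
The following Python example is added here and is not part of the HP guide: it evaluates candidate NMS source addresses against basic ACL rules written in the rule syntax above, so a planned permit/deny list can be checked before the ACL is associated with a community, group, or user. It handles IPv4 rules in config (rule ID) order only; the sample rules and addresses are constructed, and refusing a source that matches no rule is an assumption.

```python
import ipaddress
import re

# Constructed sample rules in the page's "rule" syntax (documentation addresses).
SAMPLE_ACL = """
rule 0 permit source 192.0.2.10 0
rule 5 permit source 192.0.2.32 0.0.0.15
rule 10 deny source any
"""

RULE_RE = re.compile(
    r"rule\s+(\d+)\s+(permit|deny)\s+source\s+(?:any|(\S+)\s+(\S+))")


def parse_rules(text):
    """Return [(rule_id, action, addr, wildcard)] in config (rule ID) order."""
    rules = []
    for line in text.strip().splitlines():
        m = RULE_RE.fullmatch(line.strip())
        if not m:
            raise ValueError(f"unsupported rule: {line!r}")
        if m.group(3) is None:  # "source any": every bit is ignored
            addr, wild = 0, 0xFFFFFFFF
        else:
            addr = int(ipaddress.IPv4Address(m.group(3)))
            # A wildcard of "0" is the short form of 0.0.0.0 (one host).
            w = m.group(4)
            wild = 0 if w == "0" else int(ipaddress.IPv4Address(w))
        rules.append((int(m.group(1)), m.group(2), addr, wild))
    return sorted(rules)


def evaluate(rules, source):
    """Return (action, rule_id) of the first rule matching the source address."""
    src = int(ipaddress.IPv4Address(source))
    for rule_id, action, addr, wild in rules:
        # Wildcard bits set to 1 are ignored; bits set to 0 must be equal.
        if ((src ^ addr) & ~wild & 0xFFFFFFFF) == 0:
            return action, rule_id
    return "deny", None  # assumption: an unmatched NMS source is refused


def audit(acl_text, candidates):
    """Map each candidate NMS address to the decision the ACL would give."""
    rules = parse_rules(acl_text)
    return {ip: evaluate(rules, ip) for ip in candidates}


if __name__ == "__main__":
    for ip, verdict in audit(SAMPLE_ACL, ["192.0.2.10", "192.0.2.40", "192.0.2.48"]).items():
        print(ip, verdict)
```

The wildcard 0.0.0.15 in rule 5 admits 192.0.2.32 through 192.0.2.47, which is wider than a single management host; running the intended NMS addresses and a few neighbours through `audit` shows such over-broad rules before they reach the device.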
Source IP-based SNMP login control configuration example
Network requirements
As shown in Figure 58, configure Firewall so that only NMS users from Host A and Host B can access it.