Manualshelf

3Com Switch 7750 Configuration Guide Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 8116fl Redundant Switch Fabric Module
71727374757677787980
78 CHAPTER 7: USER CONTROL
As SNMP community name is a feature of SNMPv1 and SNMPv2c, the specified
ACLs in the command that configures SNMP community names (the snmp-agent
community command) take effect in the network management systems that
adopt SNMPv1 or SNMPv2c.
Similarly, as SNMP group name and SNMP user are features of SNMPv2c and the
higher SNMP versions, the specified ACLs in the commands that configure SNMP
group names and SNMP user names take effect in the network management
systems that adopt SNMPv2c or higher SNMP versions. If you specify ACLs in the
two commands, the network management users are filtered by both SNMP group
name and SNMP user name.
Configuration Example Network requirements
Only SNMP users sourced from the IP addresses of 10.110.100.52 and
10.110.100.46 are permitted to access the switch.
Network diagram
Figure 20 Network diagram for controlling SNMP users using ACLs
Configuration procedure
# Define a basic ACL.
<SW7750> system-view
[SW7750] acl number 2000 match-order config
[SW7750-acl-basic-2000] rule 1 permit source 10.110.100.52 0
[SW7750-acl-basic-2000] rule 2 permit source 10.110.100.46 0
[SW7750-acl-basic-2000] rule 3 deny source any
[SW7750-acl-basic-2000] quit
# Apply the ACL to only permit SNMP users sourced from the IP addresses of
10.110.100.52 and 10.110.100.46 to access the switch.
[SW7750] snmp-agent community read aaa acl 2000
[SW7750] snmp-agent group v2c groupa acl 2000
[SW7750] snmp-agent usm-user v2c usera groupa acl 2000
Internet
Sw itc h
Internet
Sw itc h