H3C S7500 Series Ethernet Switches Operation Manual
Operation Manual – Login
H3C S7500 Series Ethernet Switches Chapter 6
User Control
6-4
6.3.2 Controlling Network Management Users by Source IP Addresses
Controlling network management users by source IP addresses is achieved by
applying basic ACLs, which are numbered from 2000 to 2999.
Follow these steps to control network management users by source IP addresses:
To do… Use the command… Remarks
Enter system view
system-view
—
Create a basic ACL
or enter basic ACL
view
acl { number acl-number |
name acl-name [ advanced |
basic | link | user ] }
[ match-order { config |
auto } ]
As for the acl number
command, the config
keyword is specified by
default.
Define rules for the
ACL
rule [ rule-id ] { permit | deny }
[ source { source-addr wildcard
| any } | fragment | time-range
time-name ]*
Required
Return to system
view
quit —
Apply the ACL while
configuring the
SNMP community
name
snmp-agent community
{ read | write }
community-name [ mib-view
view-name | acl acl-number ]*
Optional
By default, SNMPv1 and
SNMPv2c use community
name to access.
Apply the ACL while
configuring the
SNMP group name
snmp-agent group { v1 | v2c }
group-name [ read-view
read-view ] [ write-view
write-view ] [ notify-view
notify-view ] [ acl acl-number ]
snmp-agent group v3
group-name [ authentication |
privacy ] [ read-view
read-view ] [ write-view
write-view ] [ notify-view
notify-view ] [ acl acl-number ]
Optional
By default, the
authentication mode and
the encryption mode are
configured as none for the
snmp-agent group v3
group-name command.
Apply the ACL while
configuring the
SNMP user name
snmp-agent usm-user { v1 |
v2c } user-name group-name
[ acl acl-number ]
snmp-agent usm-user v3
user-name group-name
[ authentication-mode { md5 |
sha } auth-password
privacy-mode des56
priv-password ] [ acl
acl-number ]
Optional