Manualshelf

H3C S7500E Series Ethernet Switches Operation Manual

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 8116fl Redundant Switch Fabric Module
71727374757677787980
Operation Manual – Login
H3C S7500E Series Ethernet Switches Chapter 7 Controlling Login Users
7-6
community command) take effect in the network management systems that adopt
SNMPv1 or SNMPv2c.
Similarly, as SNMP group name and SNMP user name are features of SNMPv2c and
the higher SNMP versions, the specified ACLs in the commands that configure SNMP
group names (the snmp-agent group command and the snmp-agent group v3
command) and SNMP user names (the snmp-agent usm-user command and the
snmp-agent usm-user v3 command) take effect in the network management systems
that adopt SNMPv2c or higher SNMP versions. If you configure both the SNMP group
name and the SNMP user name and specify ACLs in the two operations, the switch will
filter network management users by both SNMP group name and SNMP user name.
7.3.3 Configuration Example
I. Network requirements
Only SNMP users sourced from the IP addresses of 10.110.100.52 and 10.110.100.46
are permitted to access the switch.
II. Network diagram
Switch
10.110.100.46
Host A
IP network
Host B
10.110.100.52
Figure 7-2 Network diagram for controlling SNMP users using ACLs
III. Configuration procedure
# Define a basic ACL.
<H3C> system-view
[H3C] acl number 2000 match-order config
[H3C-acl-basic-2000] rule 1 permit source 10.110.100.52 0
[H3C-acl-basic-2000] rule 2 permit source 10.110.100.46 0
[H3C-acl-basic-2000] rule 3 deny source any
[H3C-acl-basic-2000] quit
# Apply the ACL to only permit SNMP users sourced from the IP addresses of
10.110.100.52 and 10.110.100.46 to access the switch.
[H3C] snmp-agent community read h3c acl 2000
[H3C] snmp-agent group v2c h3cgroup acl 2000