Switch 7700 Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch Gigabit-LX Module

161

162

163

164

165

166

167

168

169

170

User LogonACL Control Configuration 157

Perform the following configuration in system view.

The SNMP community-name attribute is a feature of SNMP V1. Therefore, calling

an ACL for SNMP community name configuration can filter the access to SNMP V1

network management system.

The SNMP group-name and username attributes are features of SNMP V2 and

higher. Therefore, calling an ACL for a SNMP community name configuration can

filter the access to the network management system of SNMP V2 or higher. If you

configure ACL control in both commands, the switch filters the network

management users concerning both the features.

Note: You can call different ACLs for these commands. Only the numbered basic

ACL can be called for network management user control.

For more about the commands, refer to the “3Com Command Reference Guide”.

Example: Controlling

SNMP Users with ACL

Figure 5 illustrates a configuration that controls SNMP users with ACL.

Figure 5 Control SNMP user with ACL

Use the following commands to control SNMP users with ACL.

1 Define the basic ACLs.

[SW7700] acl number 20 match-order config

[SW7700-acl-basic-20] rule 1 permit source 10.110.100.52 0

[SW7700-acl-basic-20] quit

[SW7700] acl number 21 match-order config

[SW7700-acl-basic-21] rule 1 permit source 10.110.100.46 0

Tabl e 20 Define a Numbered Basic ACL

Operation Command

Call an ACL when configuring

SNMP community name.

snmp-agent community { read | write } community-name [

[ mib-view view-name ] | [ acl acl-number ] ]*

Call an ACL when configuring

SNMP group name.

snmp-agent group { v1 | v2c } group-name [ read-view

read-view ] [ write-view write-view ] [ notify-view

notify-view ] [ acl acl-list ]

snmp-agent group v3 group-name [ authentication |

privacy ] [ read-view read-view ] [ write-view write-view ] [

notify-view notify-view ] [ acl acl-list ]

Call an ACL when configuring

SNMP username.

snmp-agent usm-user { v1 | v2c } user-name group-name [

acl acl-list ]

snmp-agent usm-user v3 user-name group-name [

authentication-mode { md5 | sha } auth-password ] [

privacy des56 priv-password ] [ acl acl-list ]

Internet

Switch