Controlling Network Management Users by Source IP Addresses

You can manage the device through network management software. Network management users can access switching engines through SNMP.

You need to perform the following two operations to control network management users by source IP addresses.

- Defining an ACL
- Applying the ACL to control users accessing the switching engine through SNMP

Prerequisites

The control policy for network management users has been determined, including the source IP addresses to be controlled and the action to take (permit or deny).

Controlling Network Management Users by Source IP Addresses

Controlling network management users by source IP addresses is achieved by applying basic ACLs, which are numbered from 2000 to 2999.

Follow these steps to control network management users by source IP addresses:

 

To do: Enter system view
Use the command: system-view

To do: Create a basic ACL or enter basic ACL view
Use the command: acl number acl-number [ match-order { config | auto } ]
Remarks: Required. As for the acl number command, the config keyword is specified by default.

To do: Define rules for the ACL
Use the command: rule [ rule-id ] { deny | permit } [ rule-string ]
Remarks: Required

To do: Quit to system view
Use the command: quit

To do: Apply the ACL while configuring the SNMP community name
Use the command: snmp-agent community { read | write } community-name [ mib-view view-name | acl acl-number ]*
Remarks: Optional. By default, SNMPv1 and SNMPv2c use community name to access.

To do: Apply the ACL while configuring the SNMP group name
Use the command:
    snmp-agent group { v1 | v2c } group-name [ read-view read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl acl-number ]
    snmp-agent group v3 group-name [ authentication | privacy ] [ read-view read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl acl-number ]
Remarks: Optional. By default, the authentication mode and the encryption mode are configured as none for the group.

To do: Apply the ACL while configuring the SNMP user name
Use the command:
    snmp-agent usm-user { v1 | v2c } user-name group-name [ acl acl-number ]
    snmp-agent usm-user v3 user-name group-name [ cipher ] [ authentication-mode { md5 | sha } auth-password [ privacy-mode des56 priv-password ] ] [ acl acl-number ]
Remarks: Optional
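
Added example, not part of the 3Com manual: a Python check that reads a sequence of the commands listed above and reports SNMP community, group, or user statements that carry no acl option, reference a number outside the basic ACL range 2000 to 2999, or point at an ACL that has no rules. The sample commands, names, and addresses are constructed, and the "source" form used for rule-string is an assumption, since the page leaves rule-string unspecified.

```python
import re

BASIC_ACL = range(2000, 3000)  # basic ACLs are numbered 2000 to 2999
ACL_DEF = re.compile(r"^acl\s+number\s+(\d+)\b")
SNMP = re.compile(r"^snmp-agent\s+(community|group|usm-user)\s")
ACL_REF = re.compile(r"\sacl\s+(\d+)\b")

def audit_snmp_acls(config_text):
    """Return (line_no, problem) for SNMP statements not bound to a usable basic ACL."""
    rule_count, current, snmp = {}, None, []
    for no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        acl = ACL_DEF.match(line)
        if acl:                                   # entering basic ACL view
            current = int(acl.group(1))
            rule_count.setdefault(current, 0)
        elif current is not None and line.startswith("rule "):
            rule_count[current] += 1              # rule defined inside that view
        else:
            current = None                        # "quit" or any other command
            if SNMP.match(line):
                snmp.append((no, line))
    findings = []
    for no, line in snmp:
        ref = ACL_REF.search(line)
        if not ref:
            findings.append((no, "no ACL applied"))
        elif int(ref.group(1)) not in BASIC_ACL:
            findings.append((no, "ACL %s is not a basic ACL" % ref.group(1)))
        elif not rule_count.get(int(ref.group(1))):
            findings.append((no, "ACL %s has no rules in this configuration" % ref.group(1)))
    return findings

# Constructed sample; names and addresses are placeholders, rule-string form is assumed.
SAMPLE = """\
acl number 2000
rule 1 permit source 192.0.2.10 0
rule 2 deny source any
quit
acl number 2001
quit
snmp-agent community read nms-ro acl 2000
snmp-agent community write nms-rw
snmp-agent group v2c ops acl 2001
snmp-agent usm-user v2c poller ops acl 3000
"""

if __name__ == "__main__":
    print(*audit_snmp_acls(SAMPLE), sep="\n")
```

The write community on line 8 of the sample is the finding that matters most: it has no source address restriction at all.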
3Com WX3000 operation manual Controlling Network Management Users by Source IP Addresses