You can specify different ACLs while configuring the SNMP community name, SNMP group name, and SNMP user name.

Because the SNMP community name is a feature of SNMPv1 and SNMPv2c, the ACLs specified in the command that configures SNMP community names (the snmp-agent community command) take effect for network management systems that use SNMPv1 or SNMPv2c.

Similarly, because the SNMP group name and SNMP user name are features of SNMPv2c and higher SNMP versions, the ACLs specified in the commands that configure SNMP group names and SNMP user names take effect for network management systems that use SNMPv2c or higher SNMP versions. If you specify ACLs in these commands, the network management users are filtered by SNMP group name and SNMP user name.

Configuration Example

Network requirements

As shown in Figure 7-2, only SNMP users sourced from the IP address 10.110.100.52 are permitted to log in to the switching engine.

Figure 7-2 Network diagram for controlling SNMP users using ACLs

Configuration procedure

# Define a basic ACL.

<device> system-view

[device] acl number 2000

[device-acl-basic-2000] rule 1 permit source 10.110.100.52 0

[device-acl-basic-2000] quit

# Apply the ACL so that only SNMP users sourced from the IP address 10.110.100.52 can access the switching engine.

[device] snmp-agent community read aaa acl 2000

[device] snmp-agent group v2c groupa acl 2000

[device] snmp-agent usm-user v2c usera groupa acl 2000
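
The following audit script is an added example, not part of the original manual. It parses a saved configuration, evaluates basic ACL rules of the form source address wildcard, and reports snmp-agent community, group, and usm-user lines that carry no ACL or reference an undefined one. The sample configuration is constructed (the community bbb is hypothetical), and the first-match and deny-if-unmatched behavior in acl_permits is an assumption consistent with the "only ... are permitted" requirement above.

```python
import ipaddress
import re

# Constructed sample: the commands from this example plus one community ("bbb") left without an ACL.
SAMPLE_CONFIG = """\
acl number 2000
 rule 1 permit source 10.110.100.52 0
snmp-agent community read aaa acl 2000
snmp-agent community read bbb
snmp-agent group v2c groupa acl 2000
snmp-agent usm-user v2c usera groupa acl 2000
"""

RULE_RE = re.compile(r"rule \d+ (permit|deny) source (\S+) (\S+)")

def _to_int(text):
    return 0 if text == "0" else int(ipaddress.IPv4Address(text))  # bare 0 = single host

def parse_acls(config):
    """Return {acl_number: [(action, address, wildcard), ...]} for basic ACLs."""
    acls, current = {}, None
    for line in map(str.strip, config.splitlines()):
        m = re.fullmatch(r"acl number (\d+)", line)
        if m:
            current = acls.setdefault(int(m.group(1)), [])
            continue
        m = RULE_RE.fullmatch(line)
        if m and current is not None:
            current.append((m.group(1), _to_int(m.group(2)), _to_int(m.group(3))))
    return acls

def acl_permits(rules, source):
    """First matching rule wins; a source matching no rule is treated as denied (assumption)."""
    src = int(ipaddress.IPv4Address(source))
    for action, addr, wildcard in rules:
        care = ~wildcard & 0xFFFFFFFF  # wildcard bits set to 1 are ignored in the comparison
        if (src & care) == (addr & care):
            return action == "permit"
    return False

def unrestricted_snmp(config, acls):
    """Return snmp-agent community/group/usm-user lines with no ACL or an undefined ACL."""
    findings = []
    for line in map(str.strip, config.splitlines()):
        if re.match(r"snmp-agent (community|group|usm-user) ", line):
            m = re.search(r" acl (\d+)$", line)
            if m is None or int(m.group(1)) not in acls:
                findings.append(line)
    return findings
```

Run against a configuration export, an empty result from unrestricted_snmp means every SNMP community, group, and user statement is bound to a defined ACL.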

Controlling Web Users by Source IP Address

You can manage the device remotely through the Web. Web users can access the switching engine through HTTP connections.

You need to perform the following two operations to control Web users by source IP addresses.

- Defining an ACL

3Com WX3000 Controlling Web Users by Source IP Address, 2Network diagram for controlling Snmp users using ACLs