Figure 79 Network diagram

Host A

10.110.100.46

IP network

Firewall

Host B

10.110.100.52

Configuration procedure

#Create ACL 2000, and configure rule 1 to permit packets sourced from Host B, and rule 2 to permit packets sourced from Host A.

<Firewall> system-view

[Firewall] acl number 2000 match-order config [Firewall-acl-basic-2000] rule 1 permit source 10.110.100.52 0

[Firewall-acl-basic-2000] rule 2 permit source 10.110.100.46 0

[Firewall-acl-basic-2000] quit

# Associate the ACL with the SNMP community and the SNMP group.

[Firewall] snmp-agent community read aaa acl 2000

[Firewall] snmp-agent group v2c groupa acl 2000

[Firewall] snmp-agent usm-user v2c usera groupa acl 2000

Configuring Web login control

Use a basic ACL (2000 to 2999) to filter HTTP/HTTPS traffic by source IP address for Web login control. To access the device, a Web user must use an IP address permitted by the ACL.

You can also log off suspicious Web users that have been logged in.

Configuring source IP-based Web login control

Step

Command

Remarks

1. Enter system view.

system-view

N/A

 

 

 

 

 

By default, no basic ACL exists.

2. Create a basic ACL and enter

acl [ ipv6 ] number acl-number

NOTE:

Support for the ipv6

its view, or enter the view of

[ name name ] [ match-order

ipv6-acl-numberoption depends on

an existing basic ACL.

{ config auto } ]

the device model. For more

 

 

 

 

information, see Getting Started

 

 

Command Reference.

118