Figure 78 Network diagram: Host A (10.110.100.46) and Host B (10.110.100.52) reach the Firewall across an IP network.

Configuration procedure

# Configure basic ACL 2000, and configure rule 1 to permit packets sourced from Host B, and rule 2 to permit packets sourced from Host A.

<Firewall> system-view

[Firewall] acl number 2000 match-order config

[Firewall-acl-basic-2000] rule 1 permit source 10.110.100.52 0

[Firewall-acl-basic-2000] rule 2 permit source 10.110.100.46 0

[Firewall-acl-basic-2000] quit

# Reference ACL 2000 on user interfaces VTY 0 through VTY 4 so only Host A and Host B can Telnet to the firewall.

[Firewall] user-interface vty 0 4

[Firewall-ui-vty0-4] acl 2000 inbound
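
The check below is an added example, not part of the original guide or any vendor tooling: it models how ACL 2000 from the procedure above decides a Telnet source, so a reviewer can confirm offline which addresses get through and flag permit rules wider than a single host. It assumes rules of the form "rule ID action source address wildcard", that a wildcard of 0 means an exact host, that match-order config evaluates rules in ascending rule ID, and that a source matching no rule is refused; the function names are hypothetical.

```python
import ipaddress
import re

# Configuration lines copied from the procedure above (prompts stripped).
CONFIG = """\
acl number 2000 match-order config
 rule 1 permit source 10.110.100.52 0
 rule 2 permit source 10.110.100.46 0
user-interface vty 0 4
 acl 2000 inbound
"""

RULE_RE = re.compile(r"rule (\d+) (permit|deny) source (\S+) (\S+)")


def parse_rules(config):
    """Return [(rule_id, action, address_int, wildcard_int)] sorted by rule ID."""
    rules = []
    for rule_id, action, addr, wildcard in RULE_RE.findall(config):
        # A wildcard written as "0" is shorthand for 0.0.0.0 (one host).
        wildcard = "0.0.0.0" if wildcard == "0" else wildcard
        rules.append((int(rule_id), action,
                      int(ipaddress.IPv4Address(addr)),
                      int(ipaddress.IPv4Address(wildcard))))
    return sorted(rules)  # assumption: match-order config = ascending rule ID


def evaluate(rules, source):
    """First matching rule decides; a source matching no rule is refused."""
    src = int(ipaddress.IPv4Address(source))
    for rule_id, action, addr, wildcard in rules:
        care = ~wildcard & 0xFFFFFFFF  # wildcard bit 0 = this bit must match
        if (src & care) == (addr & care):
            return action, rule_id
    return "deny", None


def broad_permits(rules, max_hosts=1):
    """Audit helper: IDs of permit rules that admit more than max_hosts addresses."""
    return [rule_id for rule_id, action, _, wildcard in rules
            if action == "permit" and 2 ** bin(wildcard).count("1") > max_hosts]


if __name__ == "__main__":
    acl = parse_rules(CONFIG)
    for host in ("10.110.100.46", "10.110.100.52", "10.110.100.47"):
        print(host, evaluate(acl, host))
    print("permit rules wider than one host:", broad_permits(acl))
```
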

Configuring source IP-based SNMP login control

Use a basic ACL (2000 to 2999) to control SNMP logins by source IP address. To access the requested MIB view, an NMS must use a source IP address permitted by the ACL.

To configure source IP-based SNMP login control:

Step 1. Enter system view.

Command: system-view

Remarks: N/A

Step 2. Create a basic ACL and enter its view, or enter the view of an existing basic ACL.

Command: acl [ ipv6 ] number acl-number [ name name ] [ match-order { config | auto } ]

Remarks: By default, no basic ACL exists.

NOTE: Support for the ipv6 keyword depends on the device model. For more information, see Getting Started Command Reference.
