Iii. configuration procedure, 1 prerequisites, Controlling network – H3C Technologies H3C S3100 Series Switches User Manual

Operation Manual – Login

H3C S3100-52P Ethernet Switch

Chapter 8 User Control

8-5

III. Configuration procedure

# Define a basic ACL.

system-view

[H3C] acl number 2000 match-order config

[H3C-acl-basic-2000] rule 1 permit source 10.110.100.52 0

[H3C-acl-basic-2000] rule 2 permit source 10.110.100.46 0

[H3C-acl-basic-2000] rule 3 deny source any

[H3C-acl-basic-2000] quit

# Apply the ACL.

[H3C] user-interface vty 0 4

[H3C-ui-vty0-4] acl 2000 inbound

8.3 Controlling Network Management Users by Source IP
Addresses

You can manage an S3100-52P Ethernet switch through network management
software. Network management users can access switches through SNMP.
You need to perform the following two operations to control network management users
by source IP addresses.

z

Defining an ACL

z

Applying the ACL to control users accessing the switch through SNMP

8.3.1 Prerequisites

The controlling policy against network management users is determined, including the
source IP addresses to be controlled and the controlling actions (permitting or denying).

8.3.2 Controlling Network Management Users by Source IP Addresses

Controlling network management users by source IP addresses is achieved by
applying basic ACLs, which are numbered from 2000 to 2999.

Table 8-5

Control network management users by source IP addresses

Operation

Command

Description

Enter system view

system-view

—

Create a basic ACL

or enter basic ACL

view

acl number

acl-number

[ match-order { config |
auto

} ]

As for the acl number

command, the config

keyword is specified by

default.