Configuration example, Network requirements, Network diagram – H3C Technologies H3C S3600 Series Switches User Manual

8-5

Follow these steps to control network management users by source IP addresses:

To do…

Use the command…

Remarks

Enter system view

system-view

—

Create a basic ACL or
enter basic ACL view

acl number acl-number [ match-order
{ auto | config } ]

As for the acl number
command, the config
keyword is specified by
default.

Define rules for the ACL

rule [ rule-id ] { deny | permit } [ rule-string ]

Required

Quit to system view

quit

—

Apply the ACL while
configuring the SNMP
community name

snmp-agent community { read | write }
community-name [ acl acl-number |
mib-view view-name ]*

Apply the ACL while
configuring the SNMP
group name

snmp-agent group { v1 | v2c }
group-name [ read-view read-view ]
[ write-view write-view ] [ notify-view
notify-view ] [ acl acl-number ]

snmp-agent group v3 group-name
[ authentication | privacy ] [ read-view
read-view ] [ write-view write-view ]
[ notify-view notify-view ] [ acl acl-number ]

Apply the ACL while
configuring the SNMP
user name

snmp-agent usm-user { v1 | v2c }
user-name group-name [ acl acl-number ]

snmp-agent usm-user v3 user-name
group-name [ [ cipher ]
authentication-mode { md5 | sha }
auth-password [ privacy-mode { des56 |
aes128 } priv-password ] ] [ acl
acl-number ]

Required

According to the SNMP
version and configuration
customs of NMS users,
you can reference an ACL
when configuring
community name, group
name or username. For
the detailed configuration,
refer to SNMP-RMON for
more.

Configuration Example

Network requirements

Only SNMP users sourced from the IP addresses of 10.110.100.52 are permitted to log in to the switch.

Network diagram

Figure 8-2 Network diagram for controlling SNMP users using ACLs

Switch

10.110.100.46

Host A

IP network

Host B

10.110.100.52