Configuration procedure, Controlling web users by source ip address, Prerequisites – H3C Technologies H3C S3600 Series Switches User Manual
Page 87: Controlling web users by source ip addresses, Disconnecting a web user by force
Configuration procedure
# Define a basic ACL.
[Sysname] acl number 2000
[Sysname-acl-basic-2000] rule 1 permit source 10.110.100.52 0
[Sysname-acl-basic-2000] quit
# Apply the ACL so that only SNMP users sourced from the IP address 10.110.100.52 can access the switch.
[Sysname] snmp-agent community read aaa acl 2000
[Sysname] snmp-agent group v2c groupa acl 2000
[Sysname] snmp-agent usm-user v2c usera groupa acl 2000
Controlling Web Users by Source IP Address
You can manage an S3600 Ethernet switch remotely through the Web. Web users access the switch
through HTTP connections.
You need to perform the following two operations to control Web users by source IP address:
- Defining an ACL
- Applying the ACL to control Web users
Prerequisites
The control policy for Web users has been determined, including the source IP addresses to be
controlled and the control actions (permitting or denying).
Controlling Web Users by Source IP Addresses
Controlling Web users by source IP addresses is achieved by applying basic ACLs, which are
numbered from 2000 to 2999.
Follow these steps to control Web users by source IP addresses:
To do…                                        Use the command…                                          Remarks
Enter system view                             system-view                                               —
Create a basic ACL or enter basic ACL view    acl number acl-number [ match-order { config | auto } ]   For the acl number command, the config keyword is specified by default.
Define rules for the ACL                      rule [ rule-id ] { deny | permit } [ rule-string ]        Required
Quit to system view                           quit                                                      —
Apply the ACL to control Web users            ip http acl acl-number                                    Optional. By default, no ACL is applied for Web users.
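Because no ACL is applied for Web users by default, it is worth checking a saved configuration for the outcome of the steps above. The following is an added example, not part of the H3C manual: a Python check that reads configuration text and reports whether `ip http acl` points at a basic ACL that actually restricts sources. It assumes one command per line, as typed on this page; the function names and sample configurations are constructed for illustration.

```python
import re

BASIC_ACLS = range(2000, 3000)  # basic ACL numbers as stated on the page

def commands(config):
    """Yield commands, dropping '[Sysname...]' prompts, blank lines and '#' lines."""
    for raw in config.splitlines():
        line = re.sub(r"^\[[^\]]+\]\s*", "", raw.strip())
        if line and not line.startswith("#"):
            yield line

def audit_web_acl(config):
    """Return a list of findings about the ACL applied with 'ip http acl'."""
    acls, applied, current = {}, [], None
    for cmd in commands(config):
        if m := re.fullmatch(r"acl number (\d+)(?: match-order (?:config|auto))?", cmd):
            current = int(m.group(1))
            acls.setdefault(current, [])
        elif current is not None and cmd.startswith("rule "):
            acls[current].append(cmd)
        else:
            current = None  # any other command leaves ACL view
            if m := re.fullmatch(r"ip http acl (\d+)", cmd):
                applied.append(int(m.group(1)))
    if not applied:
        return ["no 'ip http acl' command: Web users are not filtered by source IP"]
    findings = []
    for num in applied:
        rules = acls.get(num, [])
        if num not in BASIC_ACLS:
            findings.append(f"ACL {num} is not a basic ACL (2000-2999)")
        elif not rules:
            findings.append(f"ACL {num} is applied to Web users but has no rules")
        for rule in rules:
            # Assumption: a permit rule with no 'source', or 'source any', matches all addresses.
            if re.search(r"\bpermit\b", rule) and not re.search(r"\bsource (?!any\b)\S+", rule):
                findings.append(f"ACL {num}: '{rule}' permits any source")
    return findings

# Constructed sample 1: the page's ACL 2000 applied to Web users.
GOOD = """[Sysname] acl number 2000
[Sysname-acl-basic-2000] rule 1 permit source 10.110.100.52 0
[Sysname-acl-basic-2000] quit
[Sysname] ip http acl 2000"""
# Constructed sample 2: a different, unrestricted ACL is the one applied.
BAD = """acl number 2000
 rule 1 permit source 10.110.100.52 0
acl number 2001
 rule 0 permit
ip http acl 2001"""

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_web_acl(cfg) or "no findings")
```

The check does not evaluate wildcard masks, so a rule such as a permit with an all-ones wildcard still needs manual review.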
Disconnecting a Web User by Force
The administrator can disconnect a Web user by force using the related commands.