beautypg.com

Prerequisites – H3C Technologies H3C WX6000 Series Access Controllers User Manual

Page 54

background image

6-4

z

Defining an ACL

z

Applying the ACL to control users accessing the access controller through SNMP

Prerequisites

The controlling policy against network management users is determined, including the source IP
addresses to be controlled and the controlling actions (permitting or denying).

Controlling Network Management Users by Source IP Addresses

Controlling network management users by source IP addresses is achieved by applying basic ACLs,
which are numbered from 2000 to 2999. Refer to ACL in H3C WX6103 Access Controller Switch

Interface Board Configuration Guide

for information about defining an ACL.

To do…

Use the command…

Remarks

Enter system view

system-view

Create a basic ACL or enter basic
ACL view

acl number

acl-number [ name name-number ]

[ match-order { config | auto } ]

As for the acl
number

command,

the config keyword is
specified by default.

Define rules for the ACL

rule

[ rule-id ] { permit | deny } [ source

{ sour-addr sour-wildcard | any } | time-range
time-name

| fragment | logging ]*

Required

Quit to system view

quit

Apply the ACL while configuring
the SNMP community name

snmp-agent community

{ read | write }

community-name

[ mib-view view-name | acl

acl-number

]*

Required

Apply the ACL while configuring
the SNMP group name

snmp-agent group

{ v1 | v2c } group-name

[ read-view read-view ] [ write-view write-view ]
[ notify-view notify-view ] [ acl acl-number ]

snmp-agent group

v3 group-name

[ authentication | privacy ] [ read-view
read-view

] [ write-view write-view ]

[ notify-view notify-view ] [ acl acl-number ]

Required

Apply the ACL while configuring
the SNMP user name

snmp-agent usm-user

{ v1 | v2c } user-name

group-name

[ acl acl-number ]

snmp-agent usm-user

v3 user-name

group-name

[cipher ] [ authentication-mode

{ md5 | sha } auth-password [ privacy-mode
{ des56 | aes128 } priv-password ] ] [ acl
acl-number

]

Required

z

You can specify different ACLs while configuring the SNMP community name, the SNMP group
name and the SNMP user name.

z

Refer to SNMP-RMON in H3C WX6103 Access Controller Switch Interface Board Command
Reference for SNMP-related commands.

See also other documents in the category H3C Technologies Routers: