beautypg.com

Prerequisites – H3C Technologies H3C WX3000 Series Unified Switches User Manual

Page 66

background image

1-4

Prerequisites

The controlling policy against network management users is determined, including the source IP
addresses to be controlled and the controlling actions (permitting or denying).

Controlling Network Management Users by Source IP Addresses

Controlling network management users by source IP addresses is achieved by applying basic ACLs,
which are numbered from 2000 to 2999.

Follow these steps to control network management users by source IP addresses:

To do…

Use the command…

Remarks

Enter system view

system-view

Create a basic ACL or
enter basic ACL view

acl number

acl-number [ match-order

{ config | auto } ]

Required
As for the acl number command,
the config keyword is specified by
default.

Define rules for the ACL

rule

[ rule-id ] { deny | permit } [ rule-string ]

Required

Quit to system view

quit

Apply the ACL while
configuring the SNMP
community name

snmp-agent community

{ read | write }

community-name

[ mib-view view-name |

acl

acl-number ]*

Optional
By default, SNMPv1 and SNMPv2c
use community name to access.

Apply the ACL while
configuring the SNMP
group name

snmp-agent group

{ v1 | v2c }

group-name

[ read-view read-view ]

[ write-view write-view ] [ notify-view
notify-view

] [ acl acl-number ]

snmp-agent group

v3 group-name

[ authentication | privacy ] [ read-view
read-view

] [ write-view write-view ]

[ notify-view notify-view ] [ acl acl-number ]

Optional
By default, the authentication mode
and the encryption mode are
configured as none for the group.

Apply the ACL while
configuring the SNMP
user name

snmp-agent usm-user

{ v1 | v2c }

user-name

group-name [ acl acl-number ]

snmp-agent usm-user

v3 user-name

group-name

[ cipher ]

[ authentication-mode { md5 | sha }
auth-password

[ privacy-mode des56

priv-password

] [ acl acl-number ]

Optional

You can specify different ACLs while configuring the SNMP community name, SNMP group name, and
SNMP user name.

As SNMP community name is a feature of SNMPv1 and SNMPv2c, the specified ACLs in the command
that configures SNMP community names (the snmp-agent community command) take effect in the
network management systems that adopt SNMPv1 or SNMPv2c.

Similarly, as SNMP group name and SNMP username name are a feature of SNMPv2c and the higher
SNMP versions, the specified ACLs in the commands that configure SNMP group names and SNMP
user names take effect in the network management systems that adopt SNMPv2c or higher SNMP

See also other documents in the category H3C Technologies Routers: