Configuration example, Network requirements, Configuration procedure – H3C Technologies H3C WX3000 Series Unified Switches User Manual

1-5

versions. If you specify ACLs in the commands, the network management users are filtered by the
SNMP group name and SNMP user name.

Configuration Example

Network requirements

As shown in

Figure 8-2

, only SNMP users sourced from the IP addresses of 10.110.100.52 are

permitted to log in to the switching engine.

Figure 8-2

Network diagram for controlling SNMP users using ACLs

Configuration procedure

# Define a basic ACL.

system-view

[device] acl number 2000

[device-acl-basic-2000] rule 1 permit source 10.110.100.52 0

[device-acl-basic-2000] quit

# Apply the ACL to only permit SNMP users sourced from the IP addresses of 10.110.100.52 to access
the switching engine.

[device] snmp-agent community read aaa acl 2000

[device] snmp-agent group v2c groupa acl 2000

[device] snmp-agent usm-user v2c usera groupa acl 2000

Controlling Web Users by Source IP Address

You can manage the device remotely through Web. Web users can access the switching engine
through HTTP connections.

You need to perform the following two operations to control Web users by source IP addresses.

z

Defining an ACL

z

Applying the ACL to control Web users

Prerequisites

The controlling policy against Web users is determined, including the source IP addresses to be
controlled and the controlling actions (permitting or denying).

Controlling Web Users by Source IP Addresses

Controlling Web users by source IP addresses is achieved by applying basic ACLs, which are
numbered from 2000 to 2999.

Follow these steps to control Web users by source IP addresses:

To do…

Use the command…

Remarks

Enter system view

system-view

—