Configuration preparation – H3C Technologies H3C SecBlade NetStream Cards User Manual
Page 68

53
# Reference ACL 2000 in user interface view to allow telnet users from Host A and Host B to access the
SecBlade card.
[SecBlade] user-interface vty 0 4
[SecBlade-ui-vty0-4] acl 2000 inbound
Configuring source IP-based login control over
NMS users
You can log in to the NMS to remotely manage the SecBlade cards. SNMP is used for communication
between the NMS and the agent that resides in the SecBlade card. By using the ACL, you can control
SNMP user access to the SecBlade card.
Configuration preparation
Before configuration, determine the permitted or denied source IP addresses.
Configuring source IP-based login control over NMS users
Basic ACLs match the source IP addresses of packets, so you can use basic ACLs to implement source
IP-based login control over NMS users. Basic ACLs are numbered from 2000 to 2999. For more
information about ACL, see the NetStream Configuration Guide.
Follow these steps to configure source IP-based login control over NMS users:
To do…
Use the command…
Remarks
Enter system view
system-view —
Create a basic ACL and enter
its view, or enter the view of
an existing basic ACL
acl number acl-number [ match-order
{ config | auto } ]
Required
By default, no basic ACL
exists.
Create rules for this ACL
rule [ rule-id ] { permit | deny } [ source
{ sour-addr sour-wildcard | any } |
time-range time-name | fragment |
logging ]*
Required
Exit the basic ACL view
quit
—
Associate this SNMP
community with the ACL
snmp-agent community { read | write }
community-name [ acl acl-number |
mib-view view-name ]*
Required
You can associate the ACL
when creating the
community, the SNMP group,
and the user.
For more information about
SNMP, see the System
Management and
Maintenance Configuration
Guide.
Associate the SNMP group
with the ACL
snmp-agent group { v1 | v2c } group-name
[ read-view read-view ] [ write-view
write-view ] [ notify-view notify-view ] [ acl
acl-number ]
snmp-agent group v3 group-name
[ authentication | privacy ] [ read-view
read-view ] [ write-view write-view ]
[ notify-view notify-view ] [ acl acl-number ]