Network requirements, Configuration procedure – H3C Technologies H3C SecBlade NetStream Cards User Manual

Page 69

To do…

Use the command…

Remarks

Associate the user with the
ACL

snmp-agent usm-user { v1 | v2c } user-name
group-name [ acl acl-number ]
snmp-agent usm-user v3 user-name
group-name [ [ cipher ] authentication-mode

{ md5 | sha } auth-password [ privacy-mode

{ 3des | aes128 | des56 } priv-password ] ]
[ acl acl-number ]

Source IP-based login control over NMS users configuration

example

Network requirements

As shown in

Figure 21

, configure the SecBlade card to allow only NMS users from Host A and Host B to

access.

Figure 21 Network diagram for configuring source IP-based login control over NMS users

Configuration procedure

# Create ACL 2000, and configure rule 1 to permit packets sourced from Host B, and rule 2 to permit

packets sourced from Host A.

system-view
[SecBlade] acl number 2000 match-order config
[SecBlade-acl-basic-2000] rule 1 permit source 10.110.100.52 0
[SecBlade-acl-basic-2000] rule 2 permit source 10.110.100.46 0
[SecBlade-acl-basic-2000] quit

# Associate the ACL with the SNMP community and the SNMP group.

[SecBlade] snmp-agent community read aaa acl 2000
[SecBlade] snmp-agent group v2c groupa acl 2000
[SecBlade] snmp-agent usm-user v2c usera groupa acl 2000

Host B

10.110.100.52

Host A

10.110.100.46

IP network

SecBlade

IP network

Device

This manual is related to the following products:

H3C S10500 Series Switches H3C S7500E Series Switches H3C S6800 Series Switches H3C S6300 Series Switches H3C S5800 Series Switches H3C S5820X Series Switches H3C S5820V2 Series Switches H3C S5830 Series Switches H3C S5830V2 Series Switches H3C S3600V2 Series Switches H3C S3100V2 Series Switches