3com 5500-ei pwr Instruccion De Instalación
8-6
[Sysname] acl number 2000
[Sysname-acl-basic-2000] rule 1 permit source 10.110.100.52 0
[Sysname-acl-basic-2000] quit
# Apply the ACL to only permit SNMP users sourced from the IP addresses of 10.110.100.52 to access
the switch.
[Sysname] snmp-agent community read aaa acl 2000
[Sysname] snmp-agent group v2c groupa acl 2000
[Sysname] snmp-agent usm-user v2c usera groupa acl 2000
Controlling Web Users by Source IP Address
You can manage an Ethernet switch remotely through Web. Web users can access a switch through
HTTP connections.
You need to perform the following two operations to control Web users by source IP addresses.
z
Defining an ACL
z
Applying the ACL to control Web users
Prerequisites
The controlling policy against Web users is determined, including the source IP addresses to be
controlled and the controlling actions (permitting or denying).
Controlling Web Users by Source IP Addresses
Controlling Web users by source IP addresses is achieved by applying basic ACLs, which are
numbered from 2000 to 2999.
Follow these steps to control Web users by source IP addresses:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Create a basic ACL or enter
basic ACL view
basic ACL view
acl number acl-number
[ match-order { config | auto } ]
[ match-order { config | auto } ]
As for the acl number
command, the config keyword
is specified by default.
command, the config keyword
is specified by default.
Define rules for the ACL
rule [ rule-id ] { deny | permit }
[ rule-string ]
[ rule-string ]
Required
Quit to system view
quit
—
Apply the ACL to control
Web users
Web users
ip http acl acl-number
Optional
By default, no ACL is applied
for Web users.
for Web users.
Disconnecting a Web User by Force
The administrator can disconnect a Web user by force using the related commands.
Follow these steps to disconnect a Web user by force: