3com WX3000 Manuel D’Utilisation
7-4
Controlling Network Management Users by Source IP Addresses
You can manage the device through network management software. Network management users can
access switching engines through SNMP.
You need to perform the following two operations to control network management users by source IP
addresses.
z
Defining an ACL
z
Applying the ACL to control users accessing the switching engine through SNMP
Prerequisites
The controlling policy against network management users is determined, including the source IP
addresses to be controlled and the controlling actions (permitting or denying).
Controlling Network Management Users by Source IP Addresses
Controlling network management users by source IP addresses is achieved by applying basic ACLs,
which are numbered from 2000 to 2999.
Follow these steps to control network management users by source IP addresses:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Create a basic ACL or
enter basic ACL view
enter basic ACL view
acl number acl-number [ match-order
{ config | auto } ]
{ config | auto } ]
Required
As for the acl number
command, the config keyword
is specified by default.
command, the config keyword
is specified by default.
Define rules for the
ACL
ACL
rule [ rule-id ] { deny | permit }
[ rule-string ]
[ rule-string ]
Required
Quit to system view
quit
—
Apply the ACL while
configuring the SNMP
community name
configuring the SNMP
community name
snmp-agent community { read |
write } community-name [ mib-view
view-name | acl acl-number ]*
write } community-name [ mib-view
view-name | acl acl-number ]*
Optional
By default, SNMPv1 and
SNMPv2c use community
name to access.
SNMPv2c use community
name to access.
Apply the ACL while
configuring the SNMP
group name
configuring the SNMP
group name
snmp-agent group { v1 | v2c }
group-name [ read-view read-view ]
[ write-view write-view ] [ notify-view
notify-view ] [ acl acl-number ]
group-name [ read-view read-view ]
[ write-view write-view ] [ notify-view
notify-view ] [ acl acl-number ]
snmp-agent group v3 group-name
[ authentication | privacy ]
[ read-view read-view ] [ write-view
write-view ] [ notify-view notify-view ]
[ acl acl-number ]
[ authentication | privacy ]
[ read-view read-view ] [ write-view
write-view ] [ notify-view notify-view ]
[ acl acl-number ]
Optional
By default, the authentication
mode and the encryption mode
are configured as none for the
group.
mode and the encryption mode
are configured as none for the
group.
Apply the ACL while
configuring the SNMP
user name
configuring the SNMP
user name
snmp-agent usm-user { v1 | v2c }
user-name group-name [ acl
acl-number ]
user-name group-name [ acl
acl-number ]
snmp-agent usm-user v3 user-name
group-name [ cipher ]
[ authentication-mode { md5 | sha }
auth-password [ privacy-mode des56
priv-password ] [ acl acl-number ]
group-name [ cipher ]
[ authentication-mode { md5 | sha }
auth-password [ privacy-mode des56
priv-password ] [ acl acl-number ]
Optional