User Control
63
Prerequisites
The controlling policy against network management users is determined, including
the source IP addresses to be controlled and the controlling actions (permitting or
denying).
Controlling Network Management Users by Source IP Addresses
Controlling network management users by source IP addresses is achieved by
applying basic ACLs, which are numbered from 2000 to 2999.
n
You can specify different ACLs while configuring the SNMP community name,
SNMP group name, and SNMP user name.
As SNMP community name is a feature of SNMPv1 and SNMPv2c, the specified
ACLs in the command that configures SNMP community names (the
snmp-agent
community
command) take effect in the network management systems that
adopt SNMPv1 or SNMPv2c.
Similarly, as SNMP group name and SNMP username name are a feature of
SNMPv2c and the higher SNMP versions, the specified ACLs in the commands that
configure SNMP group names and SNMP user names take effect in the network
management systems that adopt SNMPv2c or higher SNMP versions. If you specify
Table 33
Control network management users by source IP addresses
Operation
Command
Description
Enter system view
system-view
-
Create a basic ACL or
enter basic ACL view
acl number
acl-number
[
match-order
{
config
|
auto
} ]
As for the
acl number
command,
the
config
keyword is specified by
default.
Define rules for the
ACL
rule
[
rule-id
] {
deny | permit
} [
rule-string
]
Required
Quit to system view
quit
-
Apply the ACL while
configuring the SNMP
community name
snmp-agent community
{
read
|
write
}
community-name
[
mib-view
view-name
|
acl
acl-number
]*
Optional
By default, SNMPv1 and SNMPv2c
use community name to access.
Apply the ACL while
configuring the SNMP
group name
snmp-agent group
{
v1
|
v2c
}
group-name
[
read-view
read-view
] [
write-view
write-view
] [
notify-view
notify-view
] [
acl
acl-number
]
snmp-agent group v3
group-name
[
authentication
|
privacy
] [
read-view
read-view
] [
write-view
write-view
] [
notify-view
notify-view
] [
acl
acl-number
]
Optional
By default, the authentication
mode and the encryption mode
are configured as none for the
group.
Apply the ACL while
configuring the SNMP
user name
snmp-agent usm-user
{
v1
|
v2c
}
user-name group-name
[
acl
acl-number
]
snmp-agent usm-user v3
user-name group-name
[
cipher
]
[
authentication-mode
{
md5
|
sha
}
auth-password
[
privacy-mode des56
priv-password
] [
acl
acl-number
]
Optional
Summary of Contents for Switch 4210 9-Port
Page 22: ...20 CHAPTER 1 CLI CONFIGURATION ...
Page 74: ...72 CHAPTER 3 CONFIGURATION FILE MANAGEMENT ...
Page 84: ...82 CHAPTER 5 VLAN CONFIGURATION ...
Page 96: ...94 CHAPTER 8 IP PERFORMANCE CONFIGURATION ...
Page 108: ...106 CHAPTER 9 PORT BASIC CONFIGURATION ...
Page 122: ...120 CHAPTER 11 PORT ISOLATION CONFIGURATION ...
Page 140: ...138 CHAPTER 13 MAC ADDRESS TABLE MANAGEMENT ...
Page 234: ...232 CHAPTER 17 802 1X CONFIGURATION ...
Page 246: ...244 CHAPTER 20 AAA OVERVIEW ...
Page 270: ...268 CHAPTER 21 AAA CONFIGURATION ...
Page 292: ...290 CHAPTER 26 DHCP BOOTP CLIENT CONFIGURATION ...
Page 318: ...316 CHAPTER 29 MIRRORING CONFIGURATION ...
Page 340: ...338 CHAPTER 30 CLUSTER ...
Page 362: ...360 CHAPTER 33 SNMP CONFIGURATION ...
Page 368: ...366 CHAPTER 34 RMON CONFIGURATION ...
Page 450: ...448 CHAPTER 39 TFTP CONFIGURATION ...
Page 451: ......
Page 452: ...450 CHAPTER 39 TFTP CONFIGURATION ...
Page 470: ...468 CHAPTER 40 INFORMATION CENTER ...
Page 496: ...494 CHAPTER 44 DEVICE MANAGEMENT ...