3-85
To do…
Use the command…
Remarks
Associate the user with the ACL
snmp-agent usm-user
{
v1
|
v2c
}
user-name
group-name
[
acl
acl-number
]
snmp-agent usm-user
v3
user-name
group-name
[ [
cipher
]
authentication-mode
{
md5
|
sha
}
auth-password
[
privacy-mode
{
3des
|
aes128
|
des56
}
priv-password
] ] [
acl
acl-number
]
Source IP-Based Login Control Over NMS Users Configuration Example
Network requirements
As shown in
, configure the device to allow only NMS users from Host A and Host B to
access.
Figure 5-2
Network diagram for configuring source IP-based login control over NMS users
Configuration procedure
# Create ACL 2000, and configure rule 1 to permit packets sourced from Host B, and rule 2 to permit
packets sourced from Host A.
<Sysname> system-view
[Sysname] acl number 2000 match-order config
[Sysname-acl-basic-2000] rule 1 permit source 10.110.100.52 0
[Sysname-acl-basic-2000] rule 2 permit source 10.110.100.46 0
[Sysname-acl-basic-2000] quit
# Associate the ACL with the SNMP community and the SNMP group.
[Sysname] snmp-agent community read aaa acl 2000
[Sysname] snmp-agent group v2c groupa acl 2000
[Sysname] snmp-agent usm-user v2c usera groupa acl 2000
Summary of Contents for SR6600 SPE-FWM
Page 112: ...6 101...