114
Source IP-based login control over NMS users configuration example
Network requirements
As shown in
, configure the Firewall to allow only NMS users from Host A and Host B to access.
Figure 72
Network diagram for configuring source IP-based login control over NMS users
Configuration procedure
# Create ACL 2000, and configure rule 1 to permit packets sourced from Host B, and rule 2 to permit
packets sourced from Host A.
<Firewall > system-view
[Firewall] acl number 2000 match-order config
[Firewall-acl-basic-2000] rule 1 permit source 10.110.100.52 0
[Firewall-acl-basic-2000] rule 2 permit source 10.110.100.46 0
[Firewall-acl-basic-2000] quit
# Associate the ACL with the SNMP community and the SNMP group.
[Firewall] snmp-agent community read aaa acl 2000
[Firewall] snmp-agent group v2c groupa acl 2000
[Firewall] snmp-agent usm-user v2c usera groupa acl 2000
Configuring source IP-based login control over web users
Administrators can log in to the web management page of the firewall through HTTP or HTTPS to
remotely manage the firewall. By using the ACL, you can control web user access to the firewall.
Configuration preparation
Before configuration, determine the permitted or denied source IP addresses.
Configuration procedure
Basic ACLs match the source IP addresses of packets. You can use basic ACLs to implement source
IP-based login control over web users. Basic ACLs are numbered from 2000 to 2999.
Follow these steps to configure source IP-based login control over web users:
To do…
Use the command…
Remarks
Enter system view
system-view
—