Operation Manual – Login
H3C S3610&S5510 Series Ethernet Switches
Chapter 8 Controlling Login Users
8-7
II. Network diagram
Figure 8-2
Network diagram for controlling SNMP users using ACLs
III. Configuration procedure
# Define a basic ACL.
<H3C> system-view
[H3C] acl number 2000 match-order config
[H3C-acl-basic-2000] rule 1 permit source 10.110.100.52 0
[H3C-acl-basic-2000] rule 2 permit source 10.110.100.46 0
[H3C-acl-basic-2000] rule 3 deny source any
[H3C-acl-basic-2000] quit
# Apply the ACL to only permit SNMP users sourced from the IP addresses of
10.110.100.52 and 10.110.100.46 to access the switch.
[H3C] snmp-agent community read h3c acl 2000
[H3C] snmp-agent group v2c h3cgroup acl 2000
[H3C] snmp-agent usm-user v2c h3cuser h3cgroup acl 2000
8.4 Controlling Web Users by Source IP Address
You can manage a S3610&S5510 series Ethernet switch remotely through Web. Web
users can access a switch through HTTP connections.
You need to perform the following two operations to control Web users by source IP
addresses.
z
Defining an ACL
z
Applying the ACL to control Web users
8.4.1 Prerequisites
The controlling policy against Web users is determined, including the source IP
addresses to be controlled and the controlling actions (permitting or denying).