- Defining an ACL
- Applying the ACL to control users accessing the switch through SNMP

To control whether an NMS can manage the switch, you can use this function.

Prerequisites

The controlling policy against network management users is determined, including the source IP addresses to be controlled and the controlling actions (permitting or denying).

Controlling Network Management Users by Source IP Addresses

Controlling network management users by source IP addresses is achieved by applying basic ACLs, which are numbered from 2000 to 2999.

Follow these steps to control network management users by source IP addresses:

To do…: Enter system view
Use the command…: system-view
Remarks: —

To do…: Create a basic ACL or enter basic ACL view
Use the command…: acl number acl-number [ match-order { auto | config } ]
Remarks: As for the acl number command, the config keyword is specified by default.

To do…: Define rules for the ACL
Use the command…: rule [ rule-id ] { deny | permit } [ rule-string ]
Remarks: Required

To do…: Quit to system view
Use the command…: quit
Remarks: —

To do…: Apply the ACL while configuring the SNMP community name
Use the command…: snmp-agent community { read | write } community-name [ acl acl-number | mib-view view-name ]*

To do…: Apply the ACL while configuring the SNMP group name
Use the command…:
    snmp-agent group { v1 | v2c } group-name [ read-view read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl acl-number ]
    snmp-agent group v3 group-name [ authentication | privacy ] [ read-view read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl acl-number ]

To do…: Apply the ACL while configuring the SNMP user name
Use the command…:
    snmp-agent usm-user { v1 | v2c } user-name group-name [ acl acl-number ]
    snmp-agent usm-user v3 user-name group-name [ [ cipher ] authentication-mode { md5 | sha } auth-password [ privacy-mode { des56 | aes128 } priv-password ] ] [ acl acl-number ]

Remarks (for the three "Apply the ACL" entries above): Required. According to the SNMP version and configuration customs of NMS users, you can reference an ACL when configuring community name, group name or username. For the detailed configuration, refer to SNMP-RMON for more.

Configuration Example

Network requirements

Only SNMP users sourced from the IP addresses of 10.110.100.52 are permitted to log in to the switch.
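
One way to meet this requirement with the commands in the steps above, as an added example that is not taken from the original manual. The `<Sysname>` prompts, the names `aaa-ro`, `nms-group` and `nms-user`, the `source` rule-string form (not shown on this page) and the `display acl` check are assumptions.

```comware
# Added example. Community, group and user names are placeholders;
# the <Sysname> prompt is assumed.
<Sysname> system-view

# Create basic ACL 2000 (basic ACLs are numbered 2000 to 2999).
# No match-order keyword is given, so config applies by default
# and rules are matched in the order they are configured.
[Sysname] acl number 2000

# Permit the single NMS host. A wildcard of 0 matches that address only.
[Sysname-acl-basic-2000] rule 1 permit source 10.110.100.52 0

# Deny every other source explicitly, so the result does not rely on
# how the platform treats packets that match no rule.
[Sysname-acl-basic-2000] rule 2 deny source any
[Sysname-acl-basic-2000] quit

# Reference the ACL at each level an NMS user might be configured at:
# community name, group name and user name.
[Sysname] snmp-agent community read aaa-ro acl 2000
[Sysname] snmp-agent group v2c nms-group acl 2000
[Sysname] snmp-agent usm-user v2c nms-user nms-group acl 2000

# Review the rules that were defined.
[Sysname] display acl 2000
```

The ACL filters on source address only; the v3 forms of snmp-agent group and snmp-agent usm-user in the steps above also accept authentication and privacy settings, and the acl parameter can be combined with them.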