You can specify different ACLs when configuring the SNMP community name, SNMP group name, and SNMP user name.
Because the SNMP community name is a feature of SNMPv1 and SNMPv2c, the ACLs specified in the command that configures SNMP community names (the snmp-agent community command) take effect for network management systems that use SNMPv1 or SNMPv2c.
Similarly, because the SNMP group name and SNMP user name are features of SNMPv2c and higher SNMP versions, the ACLs specified in the commands that configure SNMP group names and SNMP user names take effect for network management systems that use SNMPv2c or higher SNMP versions. If you specify ACLs in these commands, network management users are filtered by SNMP group name and SNMP user name.
Configuration Example
Network requirements
As shown in Figure 7-2, only SNMP users sourced from the IP address 10.110.100.52 are permitted to log in to the switching engine.
Figure 7-2 Network diagram for controlling SNMP users using ACLs
Configuration procedure
# Define a basic ACL.
<device> system-view
[device] acl number 2000
[device-acl-basic-2000] rule 1 permit source 10.110.100.52 0
[device-acl-basic-2000] quit
# Apply the ACL so that only SNMP users sourced from the IP address 10.110.100.52 can access the switching engine.
[device] snmp-agent community read aaa acl 2000
[device] snmp-agent group v2c groupa acl 2000
[device] snmp-agent usm-user v2c usera groupa acl 2000
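An added example, not from the original manual: a Python check that parses a saved configuration in the syntax shown above, reports snmp-agent community, group and user statements that have no ACL or reference an undefined one, and evaluates whether a source address passes a basic ACL. The sample configuration is constructed (the page's commands plus a hypothetical community bbb with no ACL); handling dotted wildcards such as 0.0.0.255 goes beyond the page's single-host case, and treating an unmatched source as denied is an assumption that follows the intent of the example above.

```python
import ipaddress
import re
# Constructed sample: the page's commands plus a hypothetical community with no ACL.
SAMPLE_CONFIG = """\
acl number 2000
 rule 1 permit source 10.110.100.52 0
snmp-agent community read aaa acl 2000
snmp-agent community write bbb
snmp-agent group v2c groupa acl 2000
snmp-agent usm-user v2c usera groupa acl 2000
"""

def parse_acls(config):
    """Return {acl_number: [(action, address_int, wildcard_int), ...]}."""
    acls, current = {}, None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"acl number (\d+)$", line):
            current = acls.setdefault(int(m.group(1)), [])
        elif current is not None and (
                m := re.match(r"rule \d+ (permit|deny) source (\S+) (\S+)$", line)):
            wild = "0.0.0.0" if m.group(3) == "0" else m.group(3)  # "0" = exact host
            current.append((m.group(1), int(ipaddress.IPv4Address(m.group(2))),
                            int(ipaddress.IPv4Address(wild))))
        elif line and not line.startswith("rule"):
            current = None  # any other command means we left the ACL view
    return acls

def acl_permits(rules, source_ip):
    """First matching rule decides; an unmatched source is treated as denied."""
    ip = int(ipaddress.IPv4Address(source_ip))
    for action, addr, wild in rules:
        if (ip | wild) == (addr | wild):  # wildcard bits set to 1 are ignored
            return action == "permit"
    return False

def audit_snmp(config):
    """Return (line, problem) for SNMP statements lacking a defined ACL."""
    acls, findings = parse_acls(config), []
    for line in map(str.strip, config.splitlines()):
        if re.match(r"snmp-agent (community|group|usm-user) ", line):
            m = re.search(r" acl (\d+)\b", line)
            if not m:
                findings.append((line, "no ACL bound"))
            elif int(m.group(1)) not in acls:
                findings.append((line, f"ACL {m.group(1)} not defined"))
    return findings

if __name__ == "__main__":
    print(audit_snmp(SAMPLE_CONFIG))
```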
Controlling Web Users by Source IP Address
You can manage the device remotely through the Web. Web users access the switching engine through HTTP connections.
To control Web users by source IP address, you need to perform the following two operations.
• Defining an ACL