238 CHAPTER 7: QOS/ACL OPERATION
[SW8800-acl-basic-2000]rule 2 permit source 10.110.100.46 0
[SW8800-acl-basic-2000]quit
2 Import the ACL.
[SW8800]user-interface vty 0 4
[SW8800-user-interface-vty0-4]acl 2000 inbound
Configuring ACL for
SNMP Users
3Com switches support remote network management (NM) and the user can use
SNMP to access them. Proper ACL configuration can prevent illegal users from
logging onto the switches.
Two steps are included in this configuration:
1 Define an ACL
2 Import the ACL to control SNMP users
Defining an ACL
Currently only number-based ACLs can be imported, with the number ranging
from 2000 to 2999. See 3.3.1 Defining ACL for detailed configuration.
Importing the ACL
Import the defined ACL into the commands with SNMP community, username and
group name configured, to achieve ACL control over SNMP users.
Perform the following configurations in system view.
SNMP community is one of the features of SNMP v1 and SNMP v2, so you import
the ACL into the commands with SNMP community configured, for the SNMP V1
and SNMP V2.
SNMP username or group name is one of the features of SNMP V2 and above,
therefore you import the ACL into the commands with SNMP username or group
name configured, for the SNMP V2 and above. If you import the ACL into both
features, the switch will filter both features for the users.
Table 31 Importing an ACL
Operation Command
Import the defined ACL into the
commands with SNMP community
configured
snmp-agent community { read | write }
community-name [ [ mib-view view-name ] | [ acl
acl-number ] ]*
Import the defined ACL into the
commands with SNMP group name
configured
■ snmp-agent group { v1 | v2c } group-name [
read-view read-view ] [ write-view write-view
] [ notify-view notify-view ] [ acl acl-number ]
■ snmp-agent group v3 group-name [
authentication | privacy ] [ read-view
read-view ] [ write-view write-view ] [
notify-view notify-view ] [ acl acl-number ]
Import the defined ACL into the
commands with SNMP username
configured
■ snmp-agent usm-user { v1 | v2c } user-name
group-name [ acl acl-number ]
■ snmp-agent usm-user v3 user-name
group-name [ authentication-mode { md5 |
sha } auth-password ] [ privacy-mode des56
priv-password ] [ acl acl-number ]