# Reference ACL 2000 on user interfaces VTY 0 through VTY 4 so only Host A and Host B can Telnet to
the AC.
[AC] user-interface vty 0 4
[AC-ui-vty0-4] acl 2000 inbound
Configuring source IP-based SNMP login control
Use a basic ACL (2000 to 2999) to control SNMP logins by source IP address. To access the requested
MIB view, an NMS must use a source IP address permitted by the ACL.
Configuration procedure
To configure source IP-based SNMP login control:
Step
1.
Enter system view.
2.
Create a basic ACL and
enter its view, or enter the
view of an existing basic
ACL.
3.
Configure an ACL rule.
4.
Exit the basic ACL view.
5.
Apply the ACL to an
SNMP community, group,
or user.
Command
system-view
acl [ ipv6 ] number acl-number [ match-order { config |
auto } ]
rule [ rule-id ] { deny | permit } [ source { sour-addr
sour-wildcard | any } | time-range time-range-name |
fragment | logging ] *
quit
•
SNMPv1/v2c community:
snmp-agent community { read | write }
community-name [ acl acl-number | mib-view
view-name ] *
•
SNMPv1/v2c group:
snmp-agent group { v1 | v2c } group-name
[ read-view read-view ] [ write-view write-view ]
[ notify-view notify-view ] [ acl acl-number ]
•
SNMPv3 group:
snmp-agent group v3 group-name [ authentication
| privacy ] [ read-view read-view ] [ write-view
write-view ] [ notify-view notify-view ] [ acl
acl-number ]
•
SNMPv1/v2c user:
snmp-agent usm-user { v1 | v2c } user-name
group-name [ acl acl-number ]
•
SNMPv3 user:
snmp-agent usm-user v3 user-name group-name
[ [ cipher ] authentication-mode { md5 | sha }
auth-password [ privacy-mode { 3des | aes128 |
des56 } priv-password ] ] [ acl acl-number ] *
56
Remarks
N/A
By default, no
basic ACL exists.
N/A
N/A
For more
information about
SNMP, see
Network
Management and
Monitoring
Configuration
Guide.