Operation Manual – LoginH3C S3100-52P Ethernet switch Chapter 8 User Control8-7III. Configuration procedure# Define a basic ACL. system-view[Sysname] acl number 2000[Sysname-acl-basic-2000] rule 1 permit source 10.110.100.52 0[Sysname-acl-basic-2000] quit# Apply the ACL to only permit SNMP users sourced from the IP addresses of10.110.100.52 to access the switch.[Sysname] snmp-agent community read aaa acl 2000[Sysname] snmp-agent group v2c groupa acl 2000[Sysname] snmp-agent usm-user v2c usera groupa acl 20008.4 Controlling Web Users by Source IP AddressYou can manage an S3100-52P Ethernet switch remotely through Web. Web users canaccess a switch through HTTP connections.You need to perform the following two operations to control Web users by source IPaddresses.z Defining an ACLz Applying the ACL to control Web users8.4.1 PrerequisitesThe controlling policy against Web users is determined, including the source IPaddresses to be controlled and the controlling actions (permitting or denying).8.4.2 Controlling Web Users by Source IP AddressesControlling Web users by source IP addresses is achieved by applying basic ACLs,which are numbered from 2000 to 2999.Follow these steps to control Web users by source IP addresses:To do… Use the command… RemarksEnter system view system-view —Create a basic ACL orenter basic ACL viewacl number acl-number[ match-order { config |auto } ]As for the acl numbercommand, the configkeyword is specified bydefault.Define rules for theACLrule [ rule-id ] { deny |permit } [ rule-string ] RequiredQuit to system view quit —