8-6Controlling Web Users by Source IP AddressesThe S5120-EI series Ethernet switches support Web-based remote management, which allows Webusers to access the switches using the HTTP protocol. By referencing access control lists (ACLs), youcan control the access of Web users to the switches.PrerequisitesThe control policies to be implemented on Web users are decided, including the source IP addresses tobe controlled and the control action, that is, whether to allow or deny the access.Controlling Web Users by Source IP AddressesThis feature is achieved through the configuration of basic ACLs, the numbers of which are in the range2000 to 2999. For the definition of ACLs, see ACL Configuration in the Security Volume.Follow these steps to configure controlling Web users by source IP addresses:To do… Use the command… RemarksEnter system view system-view —Create a basic ACL or enterbasic ACL viewacl [ ipv6 ] number acl-number[ match-order { config | auto } ]RequiredThe config keyword isspecified by default.Define rules for the ACLrule [ rule-id ] { permit | deny } [ source{ sour-addr sour-wildcard | any } |time-range time-name | fragment |logging ]*RequiredQuit to system view quit —Reference the ACL to controlWeb users ip http acl acl-number RequiredForcing Online Web Users OfflineThe network administrators can run a command to force online Web users offline.Perform the following operation to force online Web users offline:To do… Use the command… RemarksForce online Web users offline free web-users { all | user-id user-id |user-name user-name }RequiredUse this command inuser viewConfiguration ExampleNetwork requirementsConfigure a basic ACL to allow only Web users using IP address 10.110.100.52 to access the switch.