Operation Manual – LoginH3C S5500-EI Series Ethernet Switches Chapter 8 Controlling Login Users8-7[H3C-acl-basic-2000] rule 1 permit source 10.110.100.52 0[H3C-acl-basic-2000] rule 2 permit source 10.110.100.46 0[H3C-acl-basic-2000] rule 3 deny source any[H3C-acl-basic-2000] quit# Apply the ACL to only permit SNMP users sourced from the IP addresses of10.110.100.52 and 10.110.100.46 to access the switch.[H3C] snmp-agent community read h3c acl 2000[H3C] snmp-agent group v2c h3cgroup acl 2000[H3C] snmp-agent usm-user v2c h3cuser h3cgroup acl 20008.4 Controlling Web Users by Source IP AddressYou can manage a S5500-EI series Ethernet switch remotely through Web. Web userscan access a switch through HTTP connections.You need to perform the following two operations to control Web users by source IPaddresses.z Defining an ACLz Applying the ACL to control Web users8.4.1 PrerequisitesThe controlling policy against Web users is determined, including the source IPaddresses to be controlled and the controlling actions (permitting or denying).8.4.2 Controlling Web Users by Source IP AddressesControlling Web users by source IP addresses is achieved by applying basic ACLs,which are numbered from 2000 to 2999.To do… Use the command… RemarksEnter system view system-view —Create a basic ACLor enter basic ACLviewacl number acl-number[ match-order { config |auto } ]As for the acl numbercommand, the configkeyword is specified bydefault.Define rules for theACLrule [ rule-id ] { permit | deny }[ source { sour-addrsour-wildcard | any } |time-range time-name |fragment | logging ]*RequiredQuit to system view quit —Apply the ACL tocontrol Web users ip http acl acl-number Optional