8-4Controlling Network Management Users by Source IP AddressesYou can manage an S5600 Ethernet switch through network management software. Networkmanagement users can access switches through SNMP.You need to perform the following two operations to control network management users by source IPaddresses.z Defining an ACLz Applying the ACL to control users accessing the switch through SNMPPrerequisitesThe controlling policy against network management users is determined, including the source IPaddresses to be controlled and the controlling actions (permitting or denying).Controlling Network Management Users by Source IP AddressesControlling network management users by source IP addresses is achieved by applying basic ACLs,which are numbered from 2000 to 2999.Follow these steps to control network management users by source IP addresses:To do… Use the command… RemarksEnter system view system-view —Create a basic ACL or enterbasic ACL viewacl number acl-number [ match-order { auto |config } ]As for the acl numbercommand, the configkeyword is specified bydefault.Define rules for the ACL rule [ rule-id ] { deny | permit } [ rule-string ] RequiredQuit to system view quit —Apply the ACL whileconfiguring the SNMPcommunity namesnmp-agent community { read | write }community-name [ acl acl-number | mib-viewview-name ]*Apply the ACL whileconfiguring the SNMPgroup namesnmp-agent group { v1 | v2c } group-name[ read-view read-view ] [ write-view write-view ][ notify-view notify-view ] [ acl acl-number ]snmp-agent group v3 group-name[ authentication | privacy ] [ read-viewread-view ] [ write-view write-view ][ notify-view notify-view ] [ acl acl-number ]Apply the ACL whileconfiguring the SNMP usernamesnmp-agent usm-user { v1 | v2c } user-namegroup-name [ acl acl-number ]snmp-agent usm-user v3 user-namegroup-name [ [ cipher ] authentication-mode{ md5 | sha } auth-password [ privacy-mode{ des56 | aes128 } priv-password ] ] [ aclacl-number ]RequiredAccording to the SNMPversion and configurationcustoms of NMS users, youcan reference an ACL whenconfiguring communityname, group name orusername. For the detailedconfiguration, refer toSNMP-RMON for more.Configuration ExampleNetwork requirementsOnly SNMP users sourced from the IP addresses of 10.110.100.52 are permitted to log in to the switch.