8-5Network diagramFigure 8-2 Network diagram for controlling SNMP users using ACLsSwitch10.110.100.46Host AIP networkHost B10.110.100.52Configuration procedure# Define a basic ACL. system-view[Sysname] acl number 2000[Sysname-acl-basic-2000] rule 1 permit source 10.110.100.52 0[Sysname-acl-basic-2000] quit# Apply the ACL to only permit SNMP users sourced from the IP addresses of 10.110.100.52 to accessthe switch.[Sysname] snmp-agent community read aaa acl 2000[Sysname] snmp-agent group v2c groupa acl 2000[Sysname] snmp-agent usm-user v2c usera groupa acl 2000Controlling Web Users by Source IP AddressYou can manage an S5600 Ethernet switch remotely through Web. Web users can access a switchthrough HTTP connections.You need to perform the following two operations to control Web users by source IP addresses.z Defining an ACLz Applying the ACL to control Web usersPrerequisitesThe controlling policy against Web users is determined, including the source IP addresses to becontrolled and the controlling actions (permitting or denying).Controlling Web Users by Source IP AddressesControlling Web users by source IP addresses is achieved by applying basic ACLs, which arenumbered from 2000 to 2999.Follow these steps to control Web users by source IP addresses:To do… Use the command… RemarksEnter system view system-view —Create a basic ACL or enterbasic ACL viewacl number acl-number [ match-order{ config | auto } ]As for the acl number command,the config keyword is specified bydefault.