Category: System Operations and Maintenance

2009-03-16 00:42:22

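I. Brief introduction

H3C S9500 series routers support remote management through network management software. Network management users can access the device via SNMP, and ACL control over these users filters out illegitimate network management users so that they cannot log in to this device.

II. S8500 device example

1. Networking requirements

Only SNMP users from 10.110.100.52 and 10.110.100.46 are allowed access.

2. Network diagram

Figure: ACL control of the switch's SNMP users

3. Procedure

# Define the basic access control list and its rules.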

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] acl number 2000 match-order config

[H3C-acl-basic-2000] rule 1 permit source 10.110.100.52 0

[H3C-acl-basic-2000] rule 2 permit source 10.110.100.46 0

[H3C-acl-basic-2000] rule 3 deny source any

[H3C-acl-basic-2000] quit

# Reference the access control list.

[H3C] snmp-agent community read test acl 2000

[H3C] snmp-agent group v3 testgroup acl 2000

[H3C] snmp-agent usm-user v3 testuser testgroup acl 2000

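The access control lists referenced by the three commands snmp-agent community, snmp-agent group and snmp-agent usm-user may be different access control lists. ACL control for network management users can only reference basic access control lists identified by number.

III. Expected status display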

[H3C]dis snmp-agent sys-info                                                   

   The contact person for this managed node:                                   

           R&D Hangzhou, H3C Technology co.,Ltd.                        

                                                                               

   The physical location of this node:                                         

           Hangzhou China                                                       

                                                                               

   SNMP version running in the system:                                         

           SNMPv3                                                              

                                                                                

[H3C]dis snmp-agent usm-user                                                   

   User name: testuser                                                         

   Group name: testgroup                                                       

       Authencation Mode: no                                                   

       Privacy Mode: no                                                        

       Engine ID: 800007DB00E0FC2989796877 active                              

       Acl:2000                                                                

                                                                               

[H3C]dis snmp-agent statistic                                                   

  0 Messages delivered to the SNMP entity                                      

  0 Messages which were for an unsupported version                             

  0 Messages which used an unknown SNMP community name                          

  0 Messages which represented an illegal operation for the community supplied 

  0 ASN.1 or BER errors in the process of decoding                             

  0 Messages passed from the SNMP entity                                        

  0 SNMP PDUs which had badValue error-status                                  

  0 SNMP PDUs which had genErr error-status                                    

  0 SNMP PDUs which had noSuchName error-status                                

  0 SNMP PDUs which had tooBig error-status (Maximum packet size 2000)         

  0 MIB objects retrieved successfully                                         

  0 MIB objects altered successfully                                           

  0 GetRequest-PDU accepted and processed                                      

  0 GetNextRequest-PDU accepted and processed                                  

  0 GetBulkRequest-PDU accepted and processed                                  

  0 GetResponse-PDU accepted and processed                                     

  0 SetRequest-PDU accepted and processed                                      

  0 Trap PDUs accepted and processed                                           

  0 Alternate Response Class PDUs droped silently                              

  0 Forwarded Confirmed Class PDUs droped silently                             

[H3C]dis snmp-agent community                                                  

   Community name:test                                                          

       Group name:test                                                         

       Acl:2000                                                                

       Storage-type: nonVolatile                                                

                                                                               

[H3C]dis snmp-agent group                                                      

                                                                               

   Group name: testgroup                                                       

       Security model: v3 noAuthnoPriv                                         

       Readview: ViewDefault                                                   

       Writeview:                                                

       Notifyview :                                              

       Storage-type: nonVolatile                                               

       Acl:2000                

[H3C]dis cu

#                                                                              

acl number 2000                                                                

 rule 1 permit source 10.110.100.52 0                                           

 rule 2 permit source 10.110.100.46 0                                          

 rule 3 deny

#                                                                              

 snmp-agent                                                                     

 snmp-agent local-engineid 800007DB00E0FC2989796877                            

 snmp-agent community read  test acl 2000                                      

 snmp-agent sys-info version v3                                                

 snmp-agent group v3 testgroup acl  2000

 snmp-agent usm-user v3 testuser testgroup  acl 2000
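
An added example, not part of the original post or of any H3C tooling: a Python check that parses configuration text shaped like the dis cu output above, evaluates a basic ACL against a source address, and lists snmp-agent community/group/usm-user lines that have no ACL bound. It goes slightly beyond the page by also accepting dotted wildcard masks. Assumptions: the function names are made up here, the community "open" is a constructed entry, and a source that matches no rule is treated as denied.

```python
import ipaddress
import re

# Constructed sample modelled on the 'dis cu' output above; the community
# "open" is hypothetical and deliberately has no ACL bound to it.
SAMPLE_CONFIG = """\
acl number 2000
 rule 1 permit source 10.110.100.52 0
 rule 2 permit source 10.110.100.46 0
 rule 3 deny
 snmp-agent community read test acl 2000
 snmp-agent community read open
 snmp-agent group v3 testgroup acl 2000
 snmp-agent usm-user v3 testuser testgroup acl 2000
"""
RULE_RE = re.compile(r"rule (\d+) (permit|deny)(?: source (\S+)(?: (\S+))?)?$")
SNMP_RE = re.compile(r"snmp-agent (community|group|usm-user) .*?(?: acl\s+(\d+))?$")

def to_int(field):
    """Accept a dotted quad or the short wildcard form '0' (exact host)."""
    return 0 if field == "0" else int(ipaddress.IPv4Address(field))

def parse_acls(config):
    """Return {acl_number: [(rule_id, action, address, wildcard), ...]}."""
    acls, current = {}, None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"acl number (\d+)", line):
            current = acls.setdefault(int(m.group(1)), [])
        elif (m := RULE_RE.match(line)) and current is not None:
            rule_id, action, addr, wild = m.groups()
            if addr in (None, "any"):  # bare 'deny' or 'source any': every source
                addr, wild = "0.0.0.0", "255.255.255.255"
            current.append((int(rule_id), action, to_int(addr), to_int(wild or "0")))
    return acls

def acl_permits(rules, source):
    """First match in ascending rule-ID order; no match counts as deny (assumption)."""
    src = to_int(source)
    for _, action, addr, wild in sorted(rules):
        if ((src ^ addr) & ~wild & 0xFFFFFFFF) == 0:
            return action == "permit"
    return False

def unprotected_snmp_lines(config):
    """snmp-agent community/group/usm-user lines with no ACL or an undefined one."""
    acls = parse_acls(config)
    hits = (SNMP_RE.match(line.strip()) for line in config.splitlines())
    return [m.group(0) for m in hits
            if m and (m.group(2) is None or int(m.group(2)) not in acls)]
```

Run against a saved copy of the device configuration, an empty result from unprotected_snmp_lines means every SNMP community, group and user line references a defined ACL.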
