No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

S600-E V200R011C10 Configuration Guide - Network Management and Monitoring

This document provides the configurations of network management and monitoring features supported by the product, including SNMP, RMON, LLDP, NQA, Service Diagnosis, Mirroring, Packet Capture, and sFlow.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
How Can I Restrict the NMSs That Manage the Device?

How Can I Restrict the NMSs That Manage the Device?

If you want to restrict the NMSs that can manage the device, run the snmp-agent acl command to configure an SNMP access control list (ACL).

To restrict the NMSs that can manage a device running SNMPv1 or SNMPv2c based on community names, run the snmp-agent community { read | write } { community-name | cipher community-name } [ mib-view view-name | acl { acl-number | acl-name } | alias alias-name ] * command with an ACL specified. After the command is executed, only the NMS using the specified SNMP community name and matching the ACL can manage the device.

To restrict the NMSs that can manage a device running SNMPv3 based on user groups or users, run the snmp-agent group v3 group-name { authentication | privacy | noauthentication } acl acl-number or snmp-agent usm-user v3 user-name acl acl-number command with an ACL specified. After the command is executed, only the NMS using the specified SNMPv3 user group or user and matching the ACL can manage the device.

NOTE:
  • Only basic ACLs and advanced ACLs can be specified in the configuration of community name, user group, or user.
  • If the login user name used by the NMS is not configured on the device, the device discards the request packet received from the NMS and records an error log. In addition, the device does not check the request packet against the ACL.
  • If the login user name used by the NMS is configured on the device, the device checks the request packet received from the NMS against the ACL. If the packet does not match the ACL, a log indicating negative ACL matching is recorded.

In the following example, the NMSs that can manage a device based on SNMP community name are restricted.

<HUAWEI> system-view
[HUAWEI] acl 2001
[HUAWEI-acl-basic-2001] rule 5 permit source 10.1.1.2 0.0.0.0
[HUAWEI-acl-basic-2001] rule 6 deny source 10.1.1.1 0.0.0.0
[HUAWEI-acl-basic-2001] quit
[HUAWEI] snmp-agent community write huawei_user acl 2001

In the following example, the NMSs that can manage a device based on SNMPv3 user group are restricted.

[HUAWEI] snmp-agent group v3 huawei_group privacy acl 2001

In the following example, the NMSs that can manage a device based on SNMPv3 user are restricted.

[HUAWEI] snmp-agent usm-user v3 huawei_user acl 2001
Translation
Download
Updated: 2019-03-30

Document ID: EDOC1000178020

Views: 63941

Downloads: 7

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next