62
Configuration procedure
# Create ACL 2000, and configure rule 1 to permit packets sourced from Host B, and rule 2 to permit
packets sourced from Host A.
<Sysname> system-view
[Sysname] acl number 2000 match-order config
[Sysname-acl-basic-2000] rule 1 permit source 10.110.100.52 0
[Sysname-acl-basic-2000] rule 2 permit source 10.110.100.46 0
[Sysname-acl-basic-2000] quit
# Associate the ACL with the SNMP community and the SNMP group.
[Sysname] snmp-agent community read aaa acl 2000
[Sysname] snmp-agent group v2c groupa acl 2000
[Sysname] snmp-agent usm-user v2c usera groupa acl 2000
Configuring Web login control
Use a basic ACL (2000 to 2999) to filter HTTP/HTTPS traffic by source IP address for Web login control.
To access the device, a Web user must use an IP address permitted by the ACL.
You can also log off suspicious Web users who have been logged in.
HTTP is not supported in FIPS mode.
Configuring source IP-based Web login control
Ste
Command
Remarks
1. Enter system view.
system-view N/A
2. Create a basic ACL and enter
its view, or enter the view of
an existing basic ACL.
acl [ ipv6 ] number acl-number
[ name name ] [ match-order
{ config | auto } ]
By default, no basic ACL exists.
3. Create rules for this ACL.
rule [ rule-id ] { deny | permit }
[ counting | fragment | logging |
source { sour-addr sour-wildcard |
any } | time-range
time-range-name | vpn-instance
vpn-instance-name ] *
N/A
4. Exit the basic ACL view.
quit N/A
5. Associate the HTTP service
with the ACL.
ip http acl acl-number
Configure either or both of the
commands.
HTTP login and HTTPS login are
separate login methods. To use
HTTPS login, you do not need to
configure HTTP login.
6. Associate the HTTPS service
with the ACL.
ip https acl acl-number
Logging off online Web users
To Next Page
Loading...
Need help?
General
