snmp-agent acl

Function

The snmp-agent acl command configures an SNMP ACL.

The undo snmp-agent acl command deletes the configured SNMP ACL.

By default, no SNMP ACL is configured.

Format

snmp-agent acl { acl-number | acl-name }

snmp-agent acl-ipv4 { acl-number | acl-name } [ acl-ipv6 { acl-number | acl-name } ]

snmp-agent acl-ipv6 { acl-number | acl-name }

undo snmp-agent acl

Parameters

Parameter	Description	Value
acl	Specifies an ACL that takes effect on both IPv4 and IPv6 networks.	-
acl-ipv4	Specifies an ACL that takes effect on only IPv4 network.	-
acl-ipv6	Specifies an ACL that takes effect on only IPv6 network.	-
acl-number	Specifies the number of an ACL.	The value is an integer ranging from 2000 to 3999.
acl-name	Specifies the name of a basic or an advanced Named ACL.	The value is a string of 1 to 64 case-sensitive characters without spaces. The value must start with a letter.

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

When using the NMS to manage devices, you can run the snmp-agent acl command to configure an SNMP ACL on the devices and restrict the NMS's access to the devices to enhance network security.

Precautions

The SNMP ACLs take precedence over ACLs based on SNMP community names, SNMP groups, and SNMP users.
To specify the same ACL on both IPv4 and IPv6 networks, you can only run the snmp-agent acl { acl-number | acl-name } command. For example, to allow the NMS that matches ACL 2000 to access the device using SNMP on both IPv4 and IPv6 networks, run the snmp-agent acl 2000 command instead of the snmp-agent acl-ipv4 2000 acl-ipv6 2000 command.
If this command is run more than once, the latest configuration overrides the previous one.

Example

# Configure SNMP ACL 2000 to allow NM stations that match rules defined in ACL 2000 to access the device using SNMP.

<HUAWEI> system-view
[HUAWEI] acl 2000
[HUAWEI-basic-2000] rule permit source 192.168.10.10 0
[HUAWEI-basic-2000] quit
[HUAWEI] snmp-agent acl 2000