beautypg.com

Configuring access management, Access management configuration examples, Access management configuration example – H3C Technologies H3C S3600 Series Switches User Manual

Page 1143: Network requirements

background image

1-2

Configuring Access Management

Follow these steps to configure access management:

To do…

Use the command…

Remarks

Enter system view

system-view

Enable access
management function

am enable

Required

By default, the system disables the
access management function.

Enable access
management trap

am trap enable

Required

By default, access management trap is
disabled

Enter Ethernet port view

interface interface-type
interface-number

Configure the access
management IP address
pool of the port

am ip-pool address-list

Required

By default, no access management IP
address pool is configured.

Display current
configuration of access
management

display am
[ interface-list ]

Execute this command in any view.

z

Before configuring the access management IP address pool of a port, you need to configure the

interface IP address of the VLAN to which the port belongs, and the IP addresses in the access

management IP address pool of a port must be in the same network segment as the interface IP

address of the VLAN which the port belongs to.

z

If an access management address pool configured contains IP addresses that belong to the static

ARP entries of other ports, the system prompts you to delete the corresponding static ARP entries

to ensure the access management IP address pool can take effect.

z

To allow only the hosts with their IP addresses in the access management address pool of a port to

access external networks, do not configure static ARP entries for IP addresses not in the IP

address pool.

Access Management Configuration Examples

Access Management Configuration Example

Network requirements

Client PCs are connected to the external network through Switch A (an Ethernet switch). The IP

addresses of the PCs of Organization 1 are in the range 202.10.20.1/24 to 202.10.20.20/24. The IP

address of PC 2 is 202.10.20.100/24, and that of PC 3 is 202.10.20.101/24.

z

Allow the PCs of Organization 1 to access the external network through Ethernet 1/0/1 on Switch A.

The port belongs to VLAN 1, and the IP address of VLAN-interface 1 is 202.10.20.200/24.

This manual is related to the following products:
See also other documents in the category H3C Technologies Routers: