Network diagram, Configuration procedure – H3C Technologies H3C S3600 Series Switches User Manual
Page 1145
1-4
z
Ethernet 1/0/1 and Ethernet 1/0/2 belong to VLAN 1. The IP address of VLAN-interface 1 is
202.10.20.200/24.
z
PCs of Organization 1 are isolated from those of Organization 2 on Layer 2.
Network diagram
Figure 1-3 Network diagram for combining access management and port isolation
Switch A
Switch B
Eth1/0/1
PC1_1
PC1_2
PC1_20
Internet
202.10.20.1/24~202.10.20.20/24
Switch C
Eth1/0/2
PC2_1
PC2_2
PC2_37
Organization2
Organization1
202.10.20.25/24~202.10.20.50/24
202.10.20.55/24~202.10.20.65/24
Vlan-int1
202.10.20.200/24
Configuration procedure
Perform the following configuration on Switch A.
For information about port isolation and the corresponding configuration, refer to the Port Isolation
Operation.
# Enable access management.
[Sysname] am enable
# Set the IP address of VLAN-interface 1 to 202.10.20.200/24.
[Sysname] interface Vlan-interface 1
[Sysname-Vlan-interface1] ip address 202.10.20.200 24
[Sysname-Vlan-interface1] quit
# Configure the access management IP address pool on Ethernet 1/0/1.
[Sysname] interface Ethernet 1/0/1
[Sysname-Ethernet1/0/1] am ip-pool 202.10.20.1 20
# Add Ethernet 1/0/1 to the port isolation group.
[Sysname-Ethernet1/0/1] port isolate
[Sysname-Ethernet1/0/1] quit
# Configure the access management IP address pool on Ethernet 1/0/2.
[Sysname] interface Ethernet 1/0/2