Syntax
am enable
undo am enable
View
System view
Parameter
None
Description
Using the am enable command, you can enable the access management function.
Using the undo am enable command, you can disable the function.
By default, the access management function is disabled.
When using the access management function, it is recommended to cancel the static ARP configuration to ensure that the binding of IP address and Ethernet switch takes effect. If you have configured the static ARP for an IP address in the current port IP address pool from some other port, the system will prompt you to cancel the static ARP setting.
Example
# Enable the access management function.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] am enable
Syntax
am ip-pool address-list
undo am ip-pool { all | address-list }
View
Ethernet port view
Parameter
all: Specifies that the command operates on all the IP addresses (or IP address pools).
ip-pool: Configures the IP address pool for access management.
address-list: Specifies an IP address list in the start-ip-address [ ip-address-number ] &<1-10> format. start-ip-address is the start address of an IP address range in the pool. ip-address-number specifies how many IP addresses following start-ip-address are in the range. &<1-10> means you can specify ten IP address ranges at most.
Description
Using the am ip-pool command, you can configure the IP address pool for access management on a port. A packet whose source IP address is in the specified pool is allowed to be forwarded on Layer 3 via the port of the switch.
Using the undo am ip-pool command, you can cancel the access management IP pool of the port.
By default, all the IP address pools for access control on the port are null and all the packets are permitted through.
Note that:
- The access control IP address pool of a port and the IP address of the Layer 3 interface to which the port belongs must be on the same network segment.
- If the IP address pool to be configured contains IP addresses configured in the static ARP at other ports, the system prompts you to delete the static ARP to make the later binding effective.
Example
# Configure the access management IP address pool on Ethernet1/0/1 and permit the addresses from 202.112.66.2 through 202.112.66.20 and the specified 202.112.65.1 to access the port.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] interface Ethernet 1/0/1
[H3C-Ethernet1/0/1] am ip-pool 202.112.66.2 19 202.112.65.1
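An added example, not part of the H3C manual: a Python helper for checking a planned am ip-pool argument offline before it is applied. It parses the address-list format, reports which source addresses the pool would permit, and flags ranges that fall outside the Layer 3 interface's network segment; the function names and the interface addresses are assumptions made for illustration.

```python
import ipaddress

MAX_RANGES = 10  # "&<1-10>": at most ten ranges in one address-list


def parse_address_list(text):
    """Parse 'start-ip [count] ...' into (first, last) IPv4Address pairs."""
    tokens, ranges, i = text.split(), [], 0
    while i < len(tokens):
        start = ipaddress.IPv4Address(tokens[i])  # raises ValueError if malformed
        i += 1
        count = 1  # a bare address is a range of one
        if i < len(tokens) and tokens[i].isdigit():
            count = int(tokens[i])
            i += 1
        if count < 1:
            raise ValueError(f"range starting at {start} is empty")
        # Per the manual's example, the count includes the start address:
        # "202.112.66.2 19" covers 202.112.66.2 through 202.112.66.20.
        ranges.append((start, start + (count - 1)))
    if not 1 <= len(ranges) <= MAX_RANGES:
        raise ValueError(f"expected 1-{MAX_RANGES} ranges, got {len(ranges)}")
    return ranges


def is_permitted(ranges, source_ip):
    """True if the pool forwards source_ip; an empty pool permits everything."""
    if not ranges:
        return True
    ip = ipaddress.IPv4Address(source_ip)
    return any(first <= ip <= last for first, last in ranges)


def outside_segment(ranges, interface):
    """Return the ranges not wholly inside the Layer 3 interface's segment."""
    net = ipaddress.ip_interface(interface).network
    return [(a, b) for a, b in ranges if a not in net or b not in net]


# Address list taken from the example above; interface addresses are constructed.
POOL = parse_address_list("202.112.66.2 19 202.112.65.1")

if __name__ == "__main__":
    for src in ("202.112.66.20", "202.112.66.21", "202.112.65.1"):
        print(src, "permitted" if is_permitted(POOL, src) else "not forwarded")
    for iface in ("202.112.66.1/24", "202.112.64.1/22"):
        print(iface, "ranges outside segment:", outside_segment(POOL, iface))
```

With a /24 interface address the single address 202.112.65.1 falls outside the segment, so the pool in the example only satisfies the same-segment rule if the interface mask covers both 202.112.65.0 and 202.112.66.0.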
Syntax
am trap enable
undo am trap enable
View
System view
Parameter
None
Description
Using the am trap enable command, you can enable the access management trap function.
Using the undo am trap enable command, you can disable the access management trap function.
By default, the access management trap is disabled.
Example
# Enable the access management trap.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] am trap enable
Syntax
display am [ interface-list ]
View
Any view
Parameter
interface-list: Specifies a list of ports isolated from the specified port in the { interface-type interface-number [ to interface-type interface-number ] } &<1-10> format. interface-type is port type and interface-number is port number. For details about interface-type, interface-number, refer to the Port Command Manual. &<1-10> indicates the preceding parameter can be input up to 10 times.
Description
Using the display am command, you can view the current access management configurations on some or all of the ports.
Example
# Display the access management configurations on Ethernet1/0/1 and Ethernet1/0/2.
<H3C> display am ethernet1/0/1 ethernet1/0/2
Ethernet1/0/1
Status : enabled
IP Pools : (NULL)
Ethernet1/0/2
Status : enabled
IP Pools : (NULL)
Table 1-1 Description of information generated by the command display am

| Field | Description |
|---|---|
| Ethernet | Port to be displayed |
| Status | AM state on the port: enabled or disabled |
| IP Pools | IP pools. NULL represents no configuration. Each IP address section is represented in X.X.X.X (number), where "X.X.X.X" represents the first address and "number" represents that "number" consecutive IP addresses from the beginning of this address are within the IP pools |
Syntax
display isolate port
View
Any View
Parameter
None
Description
Use the display isolate port command to display information about the Ethernet ports added to the isolation group.
Example
# Display information about the Ethernet ports added to the isolation group.
<H3C> display isolate port
Isolated port(s) on UNIT 1:
Ethernet1/0/1
Syntax
port isolate
undo port isolate
View
Ethernet port view
Parameter
None
Description
Use the port isolate command to add an Ethernet port to the isolation group.
Use the undo port isolate command to remove an Ethernet port from the isolation group.
By default, the isolation group contains no port.
Example
# Add Ethernet1/0/1 and Ethernet1/0/2 to the isolation group.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] interface ethernet1/0/1
[H3C-Ethernet1/0/1] port isolate
[H3C-Ethernet1/0/1] quit
[H3C] interface ethernet1/0/2
[H3C-Ethernet1/0/2] port isolate