Syntax
am enable
undo am enable
View
System view
Parameters
None
Description
Use the am enable command to enable the
access management function.
Use the undo am enable command to
disable the function.
By default, Access management function is disabled.
Before enabling access management, you are
recommended to cancel the static ARP configuration to ensure that the binding
of IP address and Ethernet switch can take effect.
Examples
# Enable the access
management function.
<Sysname> system-view
System View: return to User View with
Ctrl+Z.
[Sysname] am enable
Syntax
am ip-pool address-list
undo am ip-pool { all | address-list }
View
Ethernet port view
Parameters
all: Specifies
all the IP addresses (or IP address pools).
address-list:
IP address list. You need to provide this argument in
the format of start-ip-address [ ip-address-number ] & <
1-10 >, where start-ip-address is the start IP address of an IP
address range in the address pool, ip-address-number specifies the
number of the successive IP addresses following start-ip-address in the
range, and & < 1-10 > means you can specify up to ten IP addresses/IP
address ranges.
Description
Use the am ip-pool command to
configure the access management IP address pool on a port. For a port with the
access management IP address pool configured, only the hosts with their IP
addresses being in the access management pool can access external networks through
the port.
Use the undo am ip-pool command to remove
part of or all the IP addresses from the access management IP address pool of a
port.
By default, the access management IP
address pool is null.
Note that:
l
Before configuring the access management IP
address pool of a port, you need to configure the interface IP address of the
VLAN to which the port belongs, and the IP addresses in the access management
IP address pool of a port must be in the same network segment as the interface
IP address of the VLAN which the port belongs to.
l
If an access management address pool configured
contains IP addresses that belong to the static ARP entries of other ports, the
system prompts you to delete the corresponding static ARP entries to ensure the
access management IP address pool can take effect.
Examples
# Configure the
access management IP address pool on GigabitEthernet 1/0/1 to allow hosts with
their IP addresses being in the range 202.112.66.2 to 202.112.66.20 and 202.112.65.1
to access external networks through the port.
<Sysname> system-view
System View: return to User View with
Ctrl+Z.
[Sysname] interface GigabitEthernet
1/0/1
[Sysname-GigabitEthernet1/0/1] am
ip-pool 202.112.66.2 19 202.112.65.1
# Remove all the IP addresses from the
access management IP address pool of port GigabitEthernet 1/0/1.
[Sysname-GigabitEthernet1/0/1] undo am
ip-pool all
Syntax
am trap enable
undo am trap enable
View
System view
Parameters
None
Description
Use the am trap enable command to
enable the access management trap function.
Use the undo am trap enable command
to disable the access management trap function.
By default, the access management trap function
is disabled.
Examples
# Enable the access
management trap.
<Sysname> system-view
System View: return to User View with
Ctrl+Z.
[Sysname] am trap enable
Syntax
display am [
interface-list ]
View
Any view
Parameters
interface-list: Port list. You need to provide this argument in the format of { interface-type interface-number [ to interface-type
interface-number ] } &<1-10>, where interface-type is port
type, interface-number is port number, and &<1-10> means that
you can specify up to ten ports/port lists.
Description
Use the display am command to display
the current access management configuration, including the status
(enabled/disabled), and the access management IP address pool configuration
information.
If you do not specify the interface-list
argument, this command displays the current access management configuration of
all the ports.
Examples
# Display the access management
configurations of GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2.
<Sysname> display am GigabitEthernet
1/0/1 GigabitEthernet 1/0/2
GigabitEthernet1/0/1
Status : enabled
IP Pools : 10.10.1.1(19) 10.10.1.30(1)
GigabitEthernet1/0/2
Status : enabled
IP Pools : (NULL)
Table 1-1 Description on the fields of the
display am command
|
Field
|
Description
|
|
Status
|
Access Management state of a port:
enabled or disabled
|
|
IP Pools
|
Access management IP pools. NULL means
the access management IP pool is not configured. Each IP address range is
represented as X.X.X.X (number), among which “X.X.X.X” is the starting
address and “number” indicates the number of successive IP
addresses contained in the IP address range.
|
