H3C S3600 Series Ethernet Switches Command Manual-Release 1510(V1.04)
43-Access Management Command
Chapter 1 Access Management Configuration Commands
1.1 Access Management Configuration Commands
1.1.1 am enable
Syntax
am enable
undo am enable
View
System view
Parameter
None
Description
Use the am enable command to enable the access management function.
Use the undo am enable command to disable the function.
By default, the access management function is disabled.
When using the access management function, it is recommended that you cancel the static ARP configuration to ensure that the binding between the IP address and the Ethernet switch takes effect. If a static ARP entry has been configured on another port for an IP address in the current port's IP address pool, the system prompts you to cancel the static ARP setting.
Example
# Enable the access management function.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] am enable
1.1.2 am ip-pool
Syntax
am ip-pool address-list
undo am ip-pool { all | address-list }
View
Ethernet port view
Parameter
all: Operates on all the IP addresses (or IP address pools).
ip-pool: Configures the IP address pool for access management.
address-list: Specifies an IP address list in the start-ip-address [ ip-address-number ] &<1-10> format. start-ip-address is the start address of an IP address range in the pool. ip-address-number specifies the number of IP addresses in the range, counted from start-ip-address. &<1-10> means you can specify at most ten IP address ranges.
Description
Use the am ip-pool command to configure the IP address pool for access management on a port. Packets whose source IP address is in the specified pool are allowed to be forwarded at Layer 3 through the port of the switch.
Use the undo am ip-pool command to cancel the access management IP pool of the port.
By default, all the IP address pools for access control on the port are null and all packets are permitted through.
Note that:
- The access control IP address pool of a port and the IP address of the Layer 3 interface to which the port belongs must be on the same network segment.
- If the IP address pool to be configured contains IP addresses that are configured in static ARP entries on other ports, the system prompts you to delete the static ARP entries so that the later binding takes effect.
Example
# Configure the access management IP address pool on Ethernet1/0/1 to permit the addresses from 202.112.66.2 through 202.112.66.20 and the single address 202.112.65.1 to access the port.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] interface Ethernet 1/0/1
[H3C-Ethernet1/0/1] am ip-pool 202.112.66.2 19 202.112.65.1
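The address-list format above can be checked offline before it is applied to a port. The following Python sketch is an added example, not part of the H3C manual: it expands an address-list into ranges, tests whether a source address falls in the pool, and flags ranges that lie outside the Layer 3 interface's segment. The function names and the interface address 202.112.66.1/24 are assumptions made for illustration.

```python
import ipaddress

MAX_RANGES = 10  # the manual's "&<1-10>": at most ten ranges per command


def parse_address_list(text):
    """Parse 'start-ip [count] ...' into a list of (first, last) IPv4Address pairs."""
    ranges, tokens, i = [], text.split(), 0
    while i < len(tokens):
        start = ipaddress.IPv4Address(tokens[i])  # raises ValueError on a bad address
        i += 1
        count = 1  # no count given: the range is a single address
        if i < len(tokens) and tokens[i].isdigit():
            count = int(tokens[i])
            i += 1
        if count < 1:
            raise ValueError(f"count must be at least 1 for {start}")
        # The count includes the start address: "202.112.66.2 19" ends at .20.
        ranges.append((start, start + (count - 1)))
    if not 1 <= len(ranges) <= MAX_RANGES:
        raise ValueError(f"expected 1-{MAX_RANGES} ranges, got {len(ranges)}")
    return ranges


def source_permitted(ranges, src):
    """A null pool permits every source (the default); otherwise src must be in a range."""
    addr = ipaddress.IPv4Address(src)
    return not ranges or any(first <= addr <= last for first, last in ranges)


def outside_segment(ranges, interface_cidr):
    """Return the ranges that are not wholly inside the Layer 3 interface's segment."""
    net = ipaddress.ip_interface(interface_cidr).network
    return [(first, last) for first, last in ranges
            if first not in net or last not in net]


if __name__ == "__main__":
    # Address-list taken from the manual's example for Ethernet1/0/1.
    pool = parse_address_list("202.112.66.2 19 202.112.65.1")
    for src in ("202.112.66.20", "202.112.66.21", "202.112.65.1"):
        print(src, "in pool" if source_permitted(pool, src) else "not in pool")
    # Constructed interface address (not from the manual) for the segment check.
    for first, last in outside_segment(pool, "202.112.66.1/24"):
        print(f"outside interface segment: {first} - {last}")
```
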
1.1.3 am trap enable
Syntax
am trap enable
undo am trap enable
View
System view
Parameter
None
Description
Use the am trap enable command to enable the access management trap function.
Use the undo am trap enable command to disable the access management trap function.
By default, the access management trap function is disabled.
Example
# Enable the access management trap.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] am trap enable
1.1.4 display am
Syntax
display am [ interface-list ]
View
Any view
Parameter
interface-list: Specifies a list of ports isolated from the specified port in the { interface-type interface-number [ to interface-type interface-number ] } &<1-10> format. interface-type is the port type and interface-number is the port number. For details about interface-type and interface-number, refer to the Port Command Manual. &<1-10> indicates that the preceding parameter can be input up to 10 times.
Description
Use the display am command to view the current access management configurations on some or all of the ports.
Example
# Display the access management configurations on Ethernet1/0/1 and Ethernet1/0/2.
<H3C> display am ethernet1/0/1 ethernet1/0/2
Ethernet1/0/1
Status : enabled
IP Pools : (NULL)
Ethernet1/0/2
Status : enabled
IP Pools : (NULL)
Table 1-1 Description of information generated by the command display am
Field | Description |
---|---|
Ethernet | Port to be displayed |
Status | AM state on the port: enabled or disabled |
IP Pools | IP pools. NULL represents no configuration. Each IP address section is represented as X.X.X.X (number), where "X.X.X.X" is the first address and "number" means that "number" consecutive IP addresses, beginning at that address, are within the IP pools |
1.1.5 display isolate port
Syntax
display isolate port
View
Any View
Parameter
None
Description
Use the display isolate port command to display information about the Ethernet ports added to the isolation group.
Example
# Display information about the Ethernet ports added to the isolation group.
<H3C> display isolate port
Isolated port(s) on UNIT 1:
Ethernet1/0/1
1.1.6 port isolate
Syntax
port isolate
undo port isolate
View
Ethernet port view
Parameter
None
Description
Use the port isolate command to add an Ethernet port to the isolation group.
Use the undo port isolate command to remove an Ethernet port from the isolation group.
By default, the isolation group contains no port.
Example
# Add Ethernet1/0/1, Ethernet1/0/2 to the isolation group.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] interface ethernet1/0/1
[H3C-Ethernet1/0/1] port isolate
[H3C-Ethernet1/0/1] quit
[H3C] interface ethernet1/0/2
[H3C-Ethernet1/0/2] port isolate