H3C S3600 Command Manual-Release 1602(V1.02)

HomeSupportSwitchesH3C S3600 Switch SeriesReference GuidesCommand ReferencesH3C S3600 Command Manual-Release 1602(V1.02)
45-Access Management Command
Title Size Download
45-Access Management Command 31.25 KB

Access Management Configuration Commands

am enable

Syntax

am enable

undo am enable

View

System view

Parameters

None

Description

Use the am enable command to enable the access management function.

Use the undo am enable command to disable the function.

By default, Access management function is disabled.

Before enabling access management, you are recommended to cancel the static ARP configuration to ensure that the binding of IP address and Ethernet switch can take effect.

Examples

# Enable the access management function.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] am enable

am ip-pool

Syntax

am ip-pool address-list

undo am ip-pool { all | address-list }

View

Ethernet port view

Parameters

all: Specifies all the IP addresses (or IP address pools).

address-list: IP address list. You need to provide this argument in the format of start-ip-address [ ip-address-number ]  & < 1-10 >, where start-ip-address is the start IP address of an IP address range in the address pool, ip-address-number specifies the number of the successive IP addresses following start-ip-address in the range, and & < 1-10 > means you can specify up to ten IP addresses/IP address ranges.

Description

Use the am ip-pool command to configure the access management IP address pool on a port. For a port with the access management IP address pool configured, only the hosts with their IP addresses being in the access management pool can access external networks through the port.

Use the undo am ip-pool command to remove part of or all the IP addresses from the access management IP address pool of a port.

By default, the access management IP address pool is null.

Note that:

l          Before configuring the access management IP address pool of a port, you need to configure the interface IP address of the VLAN to which the port belongs, and the IP addresses in the access management IP address pool of a port must be in the same network segment as the interface IP address of the VLAN which the port belongs to.

l          If an access management address pool configured contains IP addresses that belong to the static ARP entries of other ports, the system prompts you to delete the corresponding static ARP entries to ensure the access management IP address pool can take effect.

Examples

# Configure the access management IP address pool on Ethernet 1/0/1 to allow hosts with their IP addresses being in the range 202.112.66.2 to 202.112.66.20 and 202.112.65.1 to access external networks through the port.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] interface Ethernet 1/0/1

[Sysname-Ethernet1/0/1] am ip-pool 202.112.66.2 19 202.112.65.1

# Remove all the IP addresses from the access management IP address pool of port Ethernet 1/0/1.

[Sysname-Ethernet1/0/1] undo am ip-pool all

am trap enable

Syntax

am trap enable

undo am trap enable

View

System view

Parameters

None

Description

Use the am trap enable command to enable the access management trap function.

Use the undo am trap enable command to disable the access management trap function.

By default, the access management trap function is disabled.

Examples

# Enable the access management trap.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] am trap enable

display am

Syntax

display am [ interface-list ]

View

Any view

Parameters

interface-list: Port list. You need to provide this argument in the format of { interface-type interface-number [ to interface-type interface-number ] } &<1-10>, where interface-type is port type, interface-number is port number, and &<1-10> means that you can specify up to ten ports/port lists.

Description

Use the display am command to display the current access management configuration, including the status (enabled/disabled), and the access management IP address pool configuration information.

If you do not specify the interface-list argument, this command displays the current access management configuration of all the ports.

Examples

# Display the access management configurations of Ethernet 1/0/1 and Ethernet 1/0/2.

<Sysname> display am Ethernet 1/0/1 Ethernet 1/0/2

Ethernet1/0/1

 Status       : enabled

 IP Pools     : 10.10.1.1(19) 10.10.1.30(1)

Ethernet1/0/2

 Status       : enabled

 IP Pools     : (NULL)

Table 1-1 Description on the fields of the display am command

Field

Description

Status

Access Management state of a port: enabled or disabled

IP Pools

Access management IP pools. NULL means the access management IP pool is not configured. Each IP address range is represented as X.X.X.X (number), among which “X.X.X.X” is the starting address and “number” indicates the number of successive IP addresses contained in the IP address range.

 

  • Cloud & AI
  • InterConnect
  • Intelligent Computing
  • Security
  • SMB Products
  • Intelligent Terminal Products
  • Product Support Services
  • Technical Service Solutions
All Services
  • Resource Center
  • Policy
  • Online Help
All Support
  • Become a Partner
  • Partner Resources
  • Partner Business Management
All Partners
  • Profile
  • News & Events
  • Online Exhibition Center
  • Contact Us
All About Us
新华三官网