- Table of Contents
-
- H3C S3600 Command Manual-Release 1602(V1.02)
- 00-1Cover
- 01-CLI Command
- 02-Login Command
- 03-Configuration File Management Command
- 04-VLAN Command
- 05-IP Address and Performance Command
- 06-Voice VLAN Command
- 07-GVRP Command
- 08-Port Basic Configuration Command
- 09-Link Aggregation Command
- 10-Port Isolation Command
- 11-Port Security-Port Binding Command
- 12-DLDP Command
- 13-MAC Address Table Management Command
- 14-Auto Detect Command
- 15-MSTP Command
- 16-Routing Protocol Command
- 17-Multicast Command
- 18-802.1x and System Guard Command
- 19-AAA Command
- 20-Web Authentication Command
- 21-MAC Address Authentication Command
- 22-VRRP Command
- 23-ARP Command
- 24-DHCP Command
- 25-ACL Command
- 26-QoS-QoS Profile Command
- 27-Web Cache Redirection Command
- 28-Mirroring Command
- 29-IRF Fabric Command
- 30-Cluster Command
- 31-PoE-PoE Profile Command
- 32-UDP Helper Command
- 33-SNMP-RMON Command
- 34-NTP Command
- 35-SSH Command
- 36-File System Management Command
- 37-FTP-SFTP-TFTP Command
- 38-Information Center Command
- 39-System Maintenance and Debugging Command
- 40-VLAN-VPN Command
- 41-HWPing Command
- 42-IPv6 Management Command
- 43-DNS Command
- 44-Smart Link-Monitor Link Command
- 45-Access Management Command
- 46-Appendix
- Related Documents
-
Title | Size | Download |
---|---|---|
45-Access Management Command | 31.25 KB |
Table of Contents
1 Access Management Configuration Commands
Access Management Configuration Commands
Access Management Configuration Commands
am enable
Syntax
am enable
undo am enable
View
System view
Parameters
None
Description
Use the am enable command to enable the access management function.
Use the undo am enable command to disable the function.
By default, Access management function is disabled.
Before enabling access management, you are recommended to cancel the static ARP configuration to ensure that the binding of IP address and Ethernet switch can take effect.
Examples
# Enable the access management function.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] am enable
am ip-pool
Syntax
am ip-pool address-list
undo am ip-pool { all | address-list }
View
Ethernet port view
Parameters
all: Specifies all the IP addresses (or IP address pools).
address-list: IP address list. You need to provide this argument in the format of start-ip-address [ ip-address-number ] & < 1-10 >, where start-ip-address is the start IP address of an IP address range in the address pool, ip-address-number specifies the number of the successive IP addresses following start-ip-address in the range, and & < 1-10 > means you can specify up to ten IP addresses/IP address ranges.
Description
Use the am ip-pool command to configure the access management IP address pool on a port. For a port with the access management IP address pool configured, only the hosts with their IP addresses being in the access management pool can access external networks through the port.
Use the undo am ip-pool command to remove part of or all the IP addresses from the access management IP address pool of a port.
By default, the access management IP address pool is null.
Note that:
l Before configuring the access management IP address pool of a port, you need to configure the interface IP address of the VLAN to which the port belongs, and the IP addresses in the access management IP address pool of a port must be in the same network segment as the interface IP address of the VLAN which the port belongs to.
l If an access management address pool configured contains IP addresses that belong to the static ARP entries of other ports, the system prompts you to delete the corresponding static ARP entries to ensure the access management IP address pool can take effect.
Examples
# Configure the access management IP address pool on Ethernet 1/0/1 to allow hosts with their IP addresses being in the range 202.112.66.2 to 202.112.66.20 and 202.112.65.1 to access external networks through the port.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] interface Ethernet 1/0/1
[Sysname-Ethernet1/0/1] am ip-pool 202.112.66.2 19 202.112.65.1
# Remove all the IP addresses from the access management IP address pool of port Ethernet 1/0/1.
[Sysname-Ethernet1/0/1] undo am ip-pool all
am trap enable
Syntax
am trap enable
undo am trap enable
View
System view
Parameters
None
Description
Use the am trap enable command to enable the access management trap function.
Use the undo am trap enable command to disable the access management trap function.
By default, the access management trap function is disabled.
Examples
# Enable the access management trap.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] am trap enable
display am
Syntax
display am [ interface-list ]
View
Any view
Parameters
interface-list: Port list. You need to provide this argument in the format of { interface-type interface-number [ to interface-type interface-number ] } &<1-10>, where interface-type is port type, interface-number is port number, and &<1-10> means that you can specify up to ten ports/port lists.
Description
Use the display am command to display the current access management configuration, including the status (enabled/disabled), and the access management IP address pool configuration information.
If you do not specify the interface-list argument, this command displays the current access management configuration of all the ports.
Examples
# Display the access management configurations of Ethernet 1/0/1 and Ethernet 1/0/2.
<Sysname> display am Ethernet 1/0/1 Ethernet 1/0/2
Ethernet1/0/1
Status : enabled
IP Pools : 10.10.1.1(19) 10.10.1.30(1)
Ethernet1/0/2
Status : enabled
IP Pools : (NULL)
Table 1-1 Description on the fields of the display am command
Field |
Description |
Status |
Access Management state of a port: enabled or disabled |
IP Pools |
Access management IP pools. NULL means the access management IP pool is not configured. Each IP address range is represented as X.X.X.X (number), among which “X.X.X.X” is the starting address and “number” indicates the number of successive IP addresses contained in the IP address range. |