1-2
z A port without an access management IP address pool configured allows the hosts to
access external networks only if their IP addresses are not in the access management
IP address pools of other ports of the switch.
Note that the IP addresses in the access management IP address pool configured on a port
must be in the same network segment as the IP address of the VLAN (where the port
belongs to) interface.
Configuring Access Management Follow these steps to configure access management:
To do… Use the command… Remarks
Enter system view system-view —
Enable access
management function am enable
Required
By default, the system disables the
access management function.
Enable access
management trap am trap enable
Required
By default, access management
trap is disabled
Enter Ethernet port view
interface
interface-type
interface-number —
Configure the access
management IP address
pool of the port
am ip-pool
address-list
Required
By default, no access management
IP address pool is configured.
Display current
configuration of access
management
display am
[ interface-list ] Execute this command in any view.
z Before configuring the access management IP address pool of a port, you need to
configure the interface IP address of the VLAN to which the port belongs, and the IP
addresses in the access management IP address pool of a port must be in the same
network segment as the interface IP address of the VLAN which the port belongs to.
z If an access management address pool configured contains IP addresses that belong
to the static ARP entries of other ports, the system prompts you to delete the
corresponding static ARP entries to ensure the access management IP address pool
can take effect.
z To allow only the hosts with their IP addresses in the access management address pool
of a port to access external networks, do not configure static ARP entries for IP
addresses not in the IP address pool.