1-3
z Allow the PCs of Organization 1 to access the external network through GigabitEthernet 1/0/1 on
Switch A. The port belongs to VLAN 1, and the IP address of VLAN-interface 1 is
202.10.20.200/24.
z Disable the PCs that are not of Organization 1 (PC 2 and PC 3) from accessing the external
network through GigabitEthernet 1/0/1 of Switch A.
Network diagram
Figure 1-2 Network diagram for access management configuration
Switch A
Switch B
GE1/0/1
PC1_1 PC1_2
PC1_20
PC 2 PC 3
Internet
202.10.20.1/24~202.10.20.20/24
Organization 1
Vlan-int1
202.10.20.200/24
202.10.20.100/24 202.10.20.101/24
Configuration procedure
Perform the following configuration on Switch A.
# Enable access management.
<Sysname> system-view
[Sysname] am enable
# Set the IP address of VLAN-interface 1 to 202.10.20.200/24.
[Sysname] interface Vlan-interface 1
[Sysname-Vlan-interface1] ip address 202.10.20.200 24
[Sysname-Vlan-interface1] quit
# Configure the access management IP address pool on GigabitEthernet 1/0/1.
[Sysname] interface GigabitEthernet 1/0/1
[Sysname-GigabitEthernet1/0/1] am ip-pool 202.10.20.1 20
Combining Access Management with Port Isolation
Network requirements
Client PCs are connected to the external network through Switch A (an Ethernet switch). The IP
addresses of the PCs of Organization 1 are in the range 202.10.20.1/24 to 202.10.20.20/24, and those
of the PCs in Organization 2 are in the range 202.10.20.25/24 to 202.10.20.50/24 and the range
202.10.20.55 to 202.10.20.65/24.
To Next Page
Loading...
