Table of Contents
Advertisement
Chapter 49 Operational Configuration of AM
49.1 Introduction to AM Function
AM (Access Management) means that when a s witch receives an IP or A RP message, it will compare the
information extracted from the message (such as source IP address or source MAC-IP address) with the
configured hardware address pool. If there is an entry in the address pool matching the information (source IP
address or source MAC-IP address), the message will be forwarded, ot herwise, dumped. The reas on why
source-IP -based AM should be supplemented by source-MAC-IP -based AM is that IP address of a host might
change. Only with a bound IP, can users change the IP of the host into forwarding IP, and hence enable the
messages from t he host to be forwarded by the switch. Given t he fact that MAC-IP can be exclusively bound
with a host, it is necessary to make MAC-IP bound with a host for the purpose of preventing users from
maliciously modifying host IP to forward the messages from their hosts via the switch.
With the interface-bound attribute of AM, net work mangers can bind t he IP (MA C-IP) address of a legal user
to a specified interfac e. After that, only the messages sending by users with specified IP (MAC-IP ) addresses
can be forwarded via the interface, and thus strengthen the monitoring of the network security.
49.2 AM Function Configuration Task List
1. Enable AM function
2. Enable AM function on an interface
3. Configure the forwarding IP
4. Configure the forwarding MAC-IP
5. Delet e all of the configured IP or MA C-IP or both
6. Display relative configuration information of AM
1. Enable AM function
Global Mode
am enable
no am enable
2. Enable AM function on an interface
Port Mode
am port
no am port
Command
Command
Explanation
Globally enable or disable AM function.
Explanation
Enable/disable AM function on the port.
When the AM function is enabled on the
port, no IP or A RP message will be
forwarded by default.
49-1
Function
Advertisement
Table of Contents
Troubleshooting
