Combining Access Management with Port Isolation
Network requirements
Client PCs are connected to the external network through Switch A (an Ethernet switch).
The IP addresses of the PCs of Organization 1 are in the range 202.10.20.1/24 to
202.10.20.20/24, and those of the PCs in Organization 2 are in the range 202.10.20.25/24
to 202.10.20.50/24 and the range 202.10.20.55 to 202.10.20.65/24.
Allow the PCs of Organization 1 to access the external network through GE1/0/1 of
Switch A.
Allow the PCs of Organization 2 to access the external network through GE1/0/2 of
Switch A.
GE1/0/1 and GE1/0/2 belong to VLAN 1. The IP address of VLAN-interface 1 is
202.10.20.200/24.
PCs of Organization 1 are isolated from those of Organization 2 on Layer 2.
Network diagram
Figure 1-3 Network diagram for combining access management and port isolation
Configuration procedure
Perform the following configuration on Switch A.
For information about port isolation and the corresponding configuration, refer to the Port
Isolation Operation.
# Enable access management.
<Sysname> system-view
[Sysname] am enable
# Set the IP address of VLAN-interface 1 to 202.10.20.200/24.
[Sysname] interface Vlan-interface 1
1-4