XGS-5240-Series User Manual

Configuration Guide of XGS-5240-Series
Chapter 49 Operational Configuration of AM Function
49.1 Introduction to AM Function
AM (Access Management) means that when a switch receives an IP or ARP message, it compares the information extracted from the message (such as the source IP address or the source MAC-IP address) with the configured hardware address pool. If an entry in the address pool matches that information (source IP address or source MAC-IP address), the message is forwarded; otherwise it is dropped. Source-IP-based AM needs to be supplemented by source-MAC-IP-based AM because the IP address of a host might change. When only an IP is bound, users can change the IP of their host to a forwarding IP and thereby have the messages from that host forwarded by the switch. Because a MAC-IP pair can be bound exclusively to one host, binding MAC-IP to a host is necessary to prevent users from maliciously modifying the host IP in order to have the messages from their hosts forwarded via the switch.
With the interface-bound attribute of AM, network managers can bind the IP (MAC-IP) address of a legal user to a specified interface. After that, only messages sent by users with the specified IP (MAC-IP) addresses can be forwarded via the interface, which strengthens the monitoring of network security.
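The following Python model is an added example, not part of the manual or the switch firmware. It reproduces the per-interface AM check described above to show why an IP-only pool still forwards a host that re-addresses itself to a bound IP, while a MAC-IP entry does not. The class and function names and all addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, field


def normalize_mac(mac: str) -> str:
    """Reduce 00-11-22-AA-BB-01 / 00:11:22:aa:bb:01 to 12 lowercase hex digits."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


@dataclass
class AmPort:
    """One AM-enabled interface (hypothetical model of the behaviour in 49.1)."""
    ip_pool: set = field(default_factory=set)      # permitted source IPs
    mac_ip_pool: set = field(default_factory=set)  # permitted (MAC, IP) pairs

    def add_ip_range(self, start: str, count: int) -> None:
        base = ipaddress.IPv4Address(start)
        self.ip_pool.update(base + i for i in range(count))

    def add_mac_ip(self, mac: str, ip: str) -> None:
        self.mac_ip_pool.add((normalize_mac(mac), ipaddress.IPv4Address(ip)))

    def decide(self, src_mac: str, src_ip: str) -> str:
        """Forward if the source IP or the source MAC-IP pair is in a pool."""
        ip = ipaddress.IPv4Address(src_ip)
        if ip in self.ip_pool or (normalize_mac(src_mac), ip) in self.mac_ip_pool:
            return "forward"
        return "drop"


def run_demo():
    ip_only = AmPort()
    ip_only.add_ip_range("10.0.0.10", 4)                 # 10.0.0.10 - 10.0.0.13
    mac_ip = AmPort()
    mac_ip.add_mac_ip("00-11-22-aa-bb-01", "10.0.0.10")  # one host, one address
    frames = [  # constructed sample traffic: (label, source MAC, source IP)
        ("bound host", "00:11:22:AA:BB:01", "10.0.0.10"),
        ("other host set to bound IP", "00:11:22:aa:bb:99", "10.0.0.10"),
        ("bound host on unbound IP", "00:11:22:aa:bb:01", "10.0.0.50"),
    ]
    return [(label, ip_only.decide(m, i), mac_ip.decide(m, i)) for label, m, i in frames]


if __name__ == "__main__":
    for label, by_ip, by_mac_ip in run_demo():
        print(f"{label:28} IP pool: {by_ip:8} MAC-IP pool: {by_mac_ip}")
```

The second row is the case the manual warns about: the IP-only port forwards the re-addressed host, the MAC-IP port drops it.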
49.2 AM Function Configuration Task List
1. Enable AM function
2. Enable AM function on an interface
3. Configure the forwarding IP
4. Configure the forwarding MAC-IP
5. Delete all of the configured IP or MAC-IP or both
6. Display relevant configuration information of AM
1. Enable AM function
Command            Explanation
Global Mode
am enable          Globally enable or disable AM function.
no am enable