1 introduction to am function, 2 am function configuration task list, Ntroduction to – PLANET WGSW-52040 User Manual

Chapter 44 Operational Configuration

of AM Function

44.1 Introduction to AM Function

AM (Access Management) means that when a switch receives an IP or ARP message, it will

compare the information extracted from the message (such as source IP address or source

MAC-IP address) with the configured hardware address pool. If there is an entry in the address

pool matching the information (source IP address or source MAC-IP address), the message

will be forwarded, otherwise, dumped. The reason why source-IP-based AM should be

supplemented by source-MAC-IP-based AM is that IP address of a host might change. Only

with a bound IP, can users change the IP of the host into forwarding IP, and hence enable the

messages from the host to be forwarded by the switch. Given the fact that MAC-IP can be

exclusively bound with a host, it is necessary to make MAC-IP bound with a host for the

purpose of preventing users from maliciously modifying host IP to forward the messages from

their hosts via the switch.

With the interface-bound attribute of AM, network mangers can bind the IP (MAC-IP) address

of a legal user to a specified interface. After that, only the messages sending by users with

specified IP (MAC-IP) addresses can be forwarded via the interface, and thus strengthen the

monitoring of the network security.

44.2 AM Function Configuration Task List

1. Enable AM function

2. Enable AM function on an interface

3. Configure the forwarding IP

4. Configure the forwarding MAC-IP

5. Delete all of the configured IP or MAC-IP or both

6. Display relative configuration information of AM

1. Enable AM function

Command Explanation

44-164