302 CHAPTER 17: NETWORK PROTOCOL OPERATIONAccess ManagementConfiguration ExampleNetworking RequirementsOrganization 1 is connected to port 1 of the Switch, and organization 2 to port 2.Ports 1 and 2 belong to the same VLAN. The IP addresses range 202.10.20.1 to202.10.20.20 can be accessed from port 1 and the range 202.10.20.21 to202.10.20.50 from the port 2. Organization 1 and organization 2 cannotcommunicate with each other.Networking DiagramFigure 76 Networking Diagram for Port Isolation ConfigurationConfiguration Procedure1 Enable access management globally.[SW5500]am enable2 Configure the IP address pool for access management on port 1.[SW5500]interface ethernet1/0/1[SW5500-Ethernet1/0/1]am ip-pool 202.10.20.1 203 Add port 1 into isolation group.[SW5500-Ethernet1/0/1]port isolate4 Configure the IP address pool for access management on port 2[SW5500-Ethernet1/0/1]interface ethernt1/0/2[SW5500-Ethernet1/0/2]am ip-pool 202.10.20.21 305 Add port 2 into isolation group.[SW5500-Ethernet1/0/2]port isolateAccess Managementusing the WebThe Security/Authorized IP menu option on the Web interface allows the user tospecify a range of IP addresses that will permit Web, Telnet and SSH access.Network RequirementsEnter an IP address and a ‘wildcard’ value. For example, an authorized IP address of10.10.10.1 with a wildcard of 0.0.0.255 will authorize all addresses from 10.10.10.0to 10.10.10.254.Configuration ProcedureTo configure this feature using the CLI, the following commands should be enteredfrom System View:system-view[SW5500]acl number 2500[SW5500-acl-basic-2500]rule 0 permit source 10.10.10.1 0.0.0.255ExternalNetworkE 0/1 E 0/2
