148 
Controlling portal user access 
Configuring a portal-free rule 
A portal-free rule allows specified users to access specified external websites without portal 
authentication.  
The matching items for a portal-free rule include the host name, source/destination IP address, 
TCP/UDP port number, source MAC address, access interface, and VLAN. Packets matching a 
portal-free rule will not trigger portal authentication, so users sending the packets can directly access 
the specified external websites. 
You cannot configure two or more portal-free rules with the same filtering criteria. Otherwise, the 
system prompts that the rule already exists. 
Regardless of whether portal authentication is enabled or not, you can only add or remove a 
portal-free rule. You cannot modify it. 
To configure an IP-based portal-free rule: 
 
Step Command  Remarks 
1.  Enter system view. 
system-view 
N/A 
2.  Configure an 
IPv4-based portal-free 
rule. 
portal free-rule
 rule-number 
{ 
destination
 
ip
 { ip-address 
{ mask-length | mask } | 
any
 } [ 
tcp
 
tcp-port-number | 
udp
 
udp-port-number ] | 
source
 
ip
 
{ ip-address { mask-length | mask } | 
any
 } [ 
tcp
 tcp-port-number | 
udp
 
udp-port-number ] } * [ 
interface
 
interface-type interface-number ]
 
By default, no IPv4-based 
portal-free rule exists. 
3.  Configure an 
IPv6-based portal-free 
rule. 
portal free-rule
 rule-number 
{ 
destination
 
ipv6
 { ipv6-address 
prefix-length | 
any
 } [ 
tcp
 
tcp-port-number | 
udp
 
udp-port-number ] | 
source
 
ipv6
 
{ ipv6-address prefix-length | 
any
 } 
[ 
tcp
 tcp-port-number | 
udp
 
udp-port-number ] } * [ 
interface
 
interface-type interface-number ]
 
By default, no IPv6-based 
portal-free rule exists. 
 
To configure a source-based portal-free rule: 
 
Step Command  Remarks 
1.  Enter system view. 
system-view 
N/A 
2.  Configure a 
source-based 
portal-free rule. 
portal free-rule
 rule-number 
source
 
{
 interface
 interface-type 
interface-number | 
mac
 mac-address | 
vlan
 vlan-id } * 
By default, no source-based 
portal-free rule exists. 
The 
vlan
 vlan-id option takes effect 
only on portal users that access the 
network through VLAN interfaces. 
If you specify both a VLAN and an 
interface, the interface must belong 
to the VLAN. Otherwise, the 
portal-free rule does not take effect.
 
To configure a destination-based portal-free rule: