300
Configuration guidelines
• If you specify both a VLAN and an interface in a portal-free rule, the interface must belong to the
VLAN. Otherwise, the rule does not take effect.
• You cannot configure two or more portal-free rules with the same filtering criteria. Otherwise,
the system prompts that the rule already exists.
• Regardless of whether portal authentication is enabled or not, you can only add or remove a
portal-free rule. You cannot modify it.
• A Layer 2 interface in an aggregation group cannot be specified as the source interface of a
portal-free rule, and the source interface of a portal-free rule cannot be added to an aggregation
group.
Configuration procedure
To configure a portal-free rule:
Step Command
1. Enter system
view.
system-view
2. Configure a
portal-free rule.
portal free-rule
rule-number {
destination
{
any
|
ip
{ ip-address
mask
{ mask-length | netmask } |
any
} } |
source
{
any
| [
interface
interface-type
interface-number |
ip
{ ip-address
mask
{ mask-length | mask } |
any
} |
mac
mac-address |
vlan
vlan-id ] * } } *
Configuring an authentication source subnet
Only Layer 3 portal authentication supports this feature.
By configuring authentication source subnets, you specify that only HTTP packets from users on the
authentication source subnets can trigger portal authentication. If an unauthenticated user is not on
any authentication source subnet, the access device discards all the user's HTTP packets that do not
match any portal-free rule.
Configuration of authentication source subnets applies to only cross-subnet authentication. In direct
authentication mode, the authentication source subnet is 0.0.0.0/0. In re-DHCP authentication mode,
the authentication source subnet of an interface is the subnet to which the private IP address of the
interface belongs.
If both authentication source subnets and destination subnets are configured on an interface, only
the authentication destination subnet takes effect.
To configure an authentication source subnet:
Step Command Remarks
1. Enter system
view.
system-view
N/A
2. Enter interface
view.
interface
interface-type interface-number
N/A
3. Configure an
authentication
source subnet.
portal auth-network
network-address
{ mask-length | mask }
Optional.
By default, the authentication
source IP subnet is 0.0.0.0/0,
respectively, which mean that
users from any subnets must
pass portal authentication.
You can configure up to 16
authentication source subnets.
To Next Page
Loading...
Need help?
General
