Configuring An Authentication Source Subnet - HP 6600 Security Configuration Manual
Hide thumbs
Also See for 6600:
- Command reference manual (286 pages) ,
- Configuration manual (236 pages) ,
- Installation and getting started manual (103 pages)
Table of Contents
Advertisement
Configuration guidelines
If you specify both a VLAN and an interface in a portal-free rule, the interface must belong to the
•
VLAN. Otherwise, the rule does not take effect.
•
You cannot configure two or more portal-free rules with the same filtering criteria. Otherwise, the
system prompts that the rule already exists.
Regardless of whether portal authentication is enabled or not, you can only add or remove a
•
portal-free rule. You cannot modify it.
A Layer 2 interface in an aggregation group cannot be specified as the source interface of a
•
portal-free rule, and the source interface of a portal-free rule cannot be added to an aggregation
group.
Configuration procedure
To configure a portal-free rule:
Step
1.
Enter system view.
2.
Configure a portal-free
rule.
Configuring an authentication source subnet
By configuring authentication source subnets, you specify that only HTTP packets from users on the
authentication source subnets can trigger portal authentication. If an unauthenticated user is not on any
authentication source subnet, the access device discards all the user's HTTP packets that do not match
any portal-free rule.
Configuration of authentication source subnets applies to only cross-subnet authentication. In direct
authentication mode, the authentication source subnet is 0.0.0.0/0. In re-DHCP authentication mode,
the authentication source subnet of an interface is the subnet to which the private IP address of the
interface belongs.
If both an authentication source subnet and destination subnet are configured on an interface, only the
authentication destination subnet takes effect.
To configure an authentication source subnet:
Step
1.
Enter system view.
2.
Enter interface
view.
Command
system-view
portal free-rule rule-number { destination { any | ip { ip-address mask
{ mask-length | mask } | any } [ tcp tcp-port-number [ to tcp-port-number ] |
udp udp-port-number [ to udp-port-number ] ] } | source { any | [ interface
interface-type interface-number | ip { ip-address mask { mask-length | mask }
| any } [ tcp tcp-port-number [ to tcp-port-number ] | udp udp-port-number [ to
udp-port-number ] ] | mac mac-address | vlan vlan-id ] ] * } } *
Command
system-view
interface interface-type interface-number
135
Remarks
N/A
N/A
Advertisement
Table of Contents
Troubleshooting
